Staff Management Flashcards

1
Q

What is Vetting?

A

Depending on the nature of the task, you might include checking employment history and criminal records

2
Q

What is Security Culture?

A

A set of attitudes that are inherent in the daily operation of an organisation

3
Q

What is Security Awareness?

A

Staff must understand the threats, not just know what to do in the case of them

4
Q

What are Codes of Conduct?

A

Codes of Conduct can specify obligations of employees for security, as well as ethics and standards

5
Q

What is an Acceptable-Use Policy?

A

How employees can use organisation information and systems

6
Q

What is Segregation of Duties?

A

Dividing the authority to perform certain sensitive tasks amongst multiple users

7
Q

Why is Segregation of Duties necessary?

A

Focusing too much authority in one person carries serious risks, and by separating the roles you also manage risks of collusion and fraud

8
Q

User authentication is obviously used for restriction, but what else is it useful for?

A

User authentication also ensures accountability by making it easy to see which acts are committed by which accounts

9
Q

What is the difference between identification and authentication?

A

Identification is the act of learning an identifier for an individual, e.g. a name, while authentication is verifying that the identifier does in fact belong to said individual

10
Q

What is the purpose of security training?

A

To make sure that organisations have everyone comply with the information security policies and procedures

11
Q

What are the two approaches to security training?

A

Specific information security training, and raising awareness of information security
