Staff Management Flashcards
What is Vetting?
Depending on the nature of the task, vetting might include checking employment history and criminal records
What is Security Culture?
A set of attitudes that are inherent in the daily operation of an organisation
What is Security Awareness?
Staff must understand the threats, not just know what to do in the case of them
What are Codes of Conduct?
Codes of Conduct can specify obligations of employees for security, as well as ethics and standards
What is an Acceptable-Use Policy?
How employees can use organisation information and systems
What is Segregation of Duties?
Dividing the authority to perform certain sensitive tasks amongst multiple users
Why is Segregation of Duties necessary?
Focusing too much authority in one person carries serious risks, and by separating the roles you also manage risks of collusion and fraud
User authentication is obviously used for restriction, but what else is it useful for?
User authentication also ensures accountability by making it easy to see which acts are committed by which accounts
What is the difference between identification and authentication?
Identification is the act of learning an identifier for an individual, e.g. a name, while authentication is verifying that the identifier does in fact belong to said individual
What is the purpose of security training?
To make sure that everyone in the organisation complies with the information security policies and procedures
What are the two approaches to security training?
Specific information security training, and raising awareness of information security