CISSP - Certified Information Systems Security Professional
CISSP - Certified Information Systems Security Professional
Exam (elaborations)
CISSP Chapter 2: Personnel Security and Risk Management Concepts Exam Questions And Answers 100% Pass
0 view 0 purchase
Course
CISSP - Certified Information Systems Security Professional
Institution
CISSP - Certified Information Systems Security Professional
CISSP Chapter 2: Personnel Security and
Risk Management Concepts Exam Questions
And Answers 100% Pass
_________ are the weakest element in any security solution. - answerHumans
________ should address security issues and are one of the first ways of doing so. - answerJob
Descriptions
_______ ...
CISSP Chapter 2: Personnel Security and
Risk Management Concepts Exam Questions
And Answers 100% Pass
_________ are the weakest element in any security solution. - answer✔Humans
________ should address security issues and are one of the first ways of doing so. - answer✔Job
Descriptions
_______ is the security concept in which critical, significant, and sensitive work tasks are
divided among several individual administrators or high-level operators, preventing one person
from having the ability to undermine or subvert vital security mechanisms. Good job descriptions
create this. - answer✔Separation of Duties
Separation of duty protects against __________, which is the occurrence of negative activity
undertaken by two or more people, often for the purposes of fraud, theft, or espionage. -
answer✔Collusion
_________ are the specific work tasks an employee is required to perform on a regular basis.
Everything should be set with the principle of least privilege. - answer✔Job responsibilities
________ is simply a means by which an organization improves its overall security. It provides a
type of knowledge redundancy where everyone knows how to help fix problems and reduces the
risk of fraud, data modification, theft, sabotage, or misuse of information. - answer✔Job rotation
Often a _________ is signed when an employee is hired to protect confidential information
within an organization from being disclosed by a former employee. - answer✔Nondisclosure
Agreement (NDA)
Often a _______ is signed when an employee is hired to prevent them from working for a
competitor if they are to be let go. - answer✔Noncompete Agreement (NCA)
___________ give time for auditing to make sure employee responsibilities haven't drifted. -
answer✔Mandatory vacations
Key aspects of employee termination - answer✔Private with a witness, employee escorted off,
all credentials taken, exit interviews to review the NDA, and termination of their network
account.
Vendor, consultant, and contractor controls are used to define the levels of performance,
expectation, compensation, and consequences for entities, persons, or organizations that are
external to the primary organization. Often these controls are defined in a document or policy
known as a ________ that addresses system uptime, maximum consecutive downtime, peak
load, average load, responsibility for diagnostics, and failover time if redundancy is in place.
May also include financial/other contractual remedies if the agreement is not maintained. -
answer✔Service-Level Agreement
________ is the act of conforming to or adhering to rules, policies, regulations, standards, or
requirements. - answer✔Compliance
__________ is the collection of practices related to supporting, defining, and directing the
security efforts of an organization. - answer✔Security Governance
_________ is the system of oversight that may be mandated by law, regulation, industry
standards, contractual obligation, or licensing requirements. Often involves an outside
investigator or auditor. - answer✔Third-party governance
_________ is the process of reading the exchanged materials and verifying them against
standards and expectations. Typically performed before any on-site inspections. -
answer✔Documentation review
Bad documents can result in a loss or of a voiding of _________or lead to a temporary one
pending review. - answer✔authorization to operate (ATO)
The possibility that something could happen to damage, destroy, or disclose data or other
resources is known as ______. - answer✔Risk
_______ is a detailed process of identifying factors that could damage or disclose data,
evaluating those factors in light of data value and countermeasure cost, and implementing cost-
effective solutions for mitigating or reducing risk. - answer✔Risk management
The primary goal of risk management is? - answer✔To reduce risk to an acceptable level.
The process by which the goals of risk management are achieved is known as _________. -
answer✔Risk analysis
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Thebright. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $10.49. You're not tied to anything after your purchase.
