1. Search your library's database and the Web for an article about people who violate their organization's policy and are terminated. Did you find many? Why or why not?
I found some articles and posts regarding this. The reason I could not find many documents when I did my search is that, normally, these documents are shared internally within the organization and not with the general public. However, some of these cases, especially those with the most curious reasons or actions, are covered by the newspapers or local TV. People are fired for many reasons: some of them performed an illegitimate action on purpose, others did not know they were acting against the policies of the organization (and some of them were just following orders). Also, these documents can show some of the weaknesses of an organization. They can show whether its policies are outdated or not well explained, a lack of training, and even poor skills when it comes to recruiting.
2. Go to the (ISC)2 Web site at www.isc2.org. Research the knowledge areas included in the tests for the CISSP and SSCP certifications. What areas must you study that are not included in this text?
CISSP Certification candidates must meet the following requirements prior to taking the CISSP examination.
- Subscribe to the (ISC)2 Code of Ethics
- Have a minimum 3 years of direct full-time security professional work experience in one or more of the ten test domains of the information systems security Common Body of Knowledge (CBK)
- Information not covered in this text:
o Applications and Systems Development
o Law, investigation and ethics
SSCP Certification candidates must meet the following requirements prior to taking the SSCP examination.
- Subscribe to the (ISC)2 Code of Ethics.
- Have at least one year of cumulative work experience in one or more of the seven test domains in information systems security.
- Information not covered in this text:
o Audit and Monitoring
o Malicious Code/Malware
3. Using the Web, identify some certifications with an information security component that were not discussed in this chapter.
MCP: Microsoft Certified Professional (MCP) certification validates IT professional and developer technical expertise through rigorous, industry-proven, and industry-recognized exams. MCP exams cover a wide range of Microsoft products, technologies, and
MCSD: This certification validates that you have the skills needed to build modern mobile and/or web applications and services.
MOSC: Demonstrate that you have the skills needed to get the most out of Office by earning a Microsoft Office Specialist (MOS) certification in a specific Office program.
MCT: Microsoft Certified Trainers (MCTs) are the premier technical and instructional experts in Microsoft technologies. Join this exclusive group of Microsoft technical training professionals and reap the benefits of MCT training certification and membership, including access to the complete library of official Microsoft training and certification products; substantial discounts on exams, books, and Microsoft products; readiness resources and access to a members-only online community; and invitations to exclusive events and programs.
4. Search the Web for at least five job postings for a security analyst. What qualifications do the listings have in common?
The description of the position is: Job duties typically include planning and implementing security measures to protect computer systems, networks and data. Information security analysts are expected to stay up-to-date on the latest intelligence, including hackers' methodologies, in order to anticipate security breaches. They are also responsible for preventing data loss and service interruptions by researching new technologies that will effectively protect a network. Additional duties may include:
- Creating, testing and implementing network disaster recovery plans
- Performing risk assessments and testing of data processing systems
Some of the qualifications that are required include: a computer science degree or equivalent, 2-5 years of experience working for a technology company, and professional certificates that demonstrate the required skills, especially certificates related to network skills.
5. Search the Web for three different employee hiring and termination policies. Review each and look carefully for inconsistencies. Does each of the policies have sections that address information security requirements? What clauses should a termination policy contain to prevent disclosure of an organization's information? Create your own version of either a hiring policy or a termination policy.
Hiring Policy: Company Name is committed to employing, in its best judgment, the best qualified candidates for approved company positions while engaging in recruitment and selection practices that comply with all applicable employment laws. It is the policy of Company Name to provide equal employment opportunity to all applicants and employees.
Termination Policy: It is the policy of Company Name to ensure that employee terminations, including voluntary and involuntary terminations and terminations due to the death of an employee, are handled in a professional manner with minimal disruption to the workplace.
Employment with Company Name is voluntary and subject to termination by the employee or Company Name at will, with or without cause, and with or without notice, at any time. Nothing in these policies shall be interpreted to be in conflict with or to eliminate or modify in any way the employment-at-will status of [Company Name] employees.
Appropriate authorization is required to initiate any action for an open position, including recruitment efforts, advertising and interviewing, and to extend an offer of employment to any candidate.