Ayesha Rajbhandari
CH12

 

1.    Search your library’s database and the Web for an article about people who violate their organization’s policy and are terminated. Did you find many? Why or why not?

Employers are allowed by law to terminate workers based on any type of behavior they deem unacceptable. However, laws and court decisions provide protections when an employer's action takes place. I could not find a lot in the database because I think they will reveal weakness in the organization and possible poor judgement in the hiring and/or retention of the terminated employees.

 

2.    Go to the (ISC)2 Web site at www.isc2.org. Research the knowledge areas included in the tests for the CISSP and SSCP certifications. What areas must you study that are not included in this text?

The CISSP assures the security of the business. We need to know cryptography, and we also need to protect our business while keeping it on the server for sharing purposes.

The SSCP is associated with IT knowledge such as data center systems, databases, web services, virtualization, mobility and networking. We have to study database management systems, cloud computing and computer networks.

       

 

3.     Using the Web, identify some certifications with an information security component that were not discussed in this chapter.

CCIE Security: CCIE has been a certification since 2002. It is for those interested in dealing with information security topics, tools and technologies in networks built using or around Cisco products and platforms.

Network Certified Design Expert (NCDE): this is a certification where 4 of them include security components such as Alteon security, Contivity security, Ethernet switching and wireless LAN. People have advanced knowledge of planning, designing and engineering with product solutions, including security aspects.

 

4.    Search the Web for at least five job postings for a security analyst. What qualifications do the listings have in common?

a.    IDS analyst – monitors alerts, identifies alerts as false, and troubleshoots or escalates appropriate use. Higher-level analysts will be expected to provide heavy mentoring and have a logical mindset when resolving these threats. Required skills for an IDS analyst are:

Active Secret clearance, RealSecure, Windows.

b.   Information assurance – on a daily basis this person would ensure anti-virus tools are up to date, conduct vulnerability scanning, audit systems for malicious files, and perform other classified and non-classified duties in a Windows/Linux environment. To be qualified for this position, candidates need 2-5 years of information assurance security experience and the ability to obtain a security clearance. Required skills: information assurance.

 

5.     Search the Web for three different employee-hiring and termination policies. Review each and look carefully for inconsistencies. Do each of the policies have sections that address information security requirements? What clauses should a termination policy contain to prevent disclosure of an organization’s information? Create your own version of either a hiring policy or a termination policy.

Hiring policies:

Job postings: organizations post all regular job openings on the intranet and flexes for employees to review. These jobs will remain posted until the position is filled. This process is held at regular intervals.

If the HR department receives positive results from the reference checks and criminal background check, then they will notify the candidate of the job offer.