1. Search your libraryís database and the Web for an article about people who violate their organizationís policy and are terminated. Did you find many? Why or why not?
As I was looking up in the library database and online for people who violated organizationís policy and got terminated, I didnít find many examples. The ones that I found were very famous cases where the public got involved, but I didnít find much more than that. My guess on the reason for that is because those cases are private to the company and do not have to be divulgated to the public, and also because if this happened, the company might fear that it reflects poor hiring decisions on their part as well and that would not be a good marketing strategy for them to tell everyone about these kinds of situations.
2. Go to the (ISC)2 Web site at www.isc2.org. Research the knowledge areas included in the tests for the CISSP and SSCP certifications. What areas must you study that are not included in this text?
Here are the areas that you must study and that are not included in the text. Application & Systems Development, Law, Investigation & Ethics, Audit and monitoring, Malicious code//Malware, Cryptography. These are very important to study but unfortunately, they are not covered in the text and if someone doesnít pay attention and doesnít do their research properly, they will be surprised when taking the certifications because they will not be ready.
3. Using the Web, identify some certifications with an information security component that were not discussed in this chapter.
The following are some certifications with an information security component that I found online and that were not discussed in this chapter. There were a lot more but here are the ones that came up most frequently and that seemed the most interesting. NetScreen, Microsoft Certified Professional (MCP),Microsoft Certified Systems Engineer (MCSE), Microsoft Certified Professional Internet(MCP+I), Microsoft Certified Systems Administrator (MCSA), Microsoft Certified Professional Site Building (MCP+SB), Microsoft Certified Solutions Developer (MCSD), Microsoft CertifiedDatabase Administrator (MCDBA), Microsoft Certified Application Developer (MCAD),Microsoft Certified Trainer (MCT), Microsoft Office User Specialist (MOUS)
4. Search the Web for at least five job postings for a security administrator. What qualifications do the listings have in common?
Here are some of the things that the job postings had in common (I looked at Indeed.com for job openings and found very many). First, for their qualifications, they had application security, LDAP to third party synch, directory services, single sign on. Then for their skills, DAP-Active Directory, Netscape Directory or Open LDAP, UNIX Security Architect. Finally, one of the most common responsibilities was assessing existing environment, planning a comprehensive security approach, and executing the plan to completion.
5. Search the Web for three different employees hiring and termination policies. Review each and look carefully for inconsistencies. Do each of the policies have sections that address information security requirements? What clauses should a termination policy contain to prevent disclosure of an organizationís information? Create your own version of either a hiring policy or a termination policy.
Of the three hiring/termination policies reviewed, none of them contained any information regarding information security requirements. All of them included information about benefits, payment information, and other corporate policy information. At most, the policies included information about an exit interview.
A termination policy should include clauses about taking and revealing corporate information that they have learned or been privileged to while employed. It should also include clauses concerning deleting or altering company information for malicious purposes. All the clauses should clearly define the consequences and lengths to which the company is willing to ensure the company is protected.