Tanner Carlson

ITS 370


CH 11

1.     Search your library’s database and the Web for an article about people who violate their organization’s policy and are terminated. Did you find many? Why or why not?

After searching the internet for “organization policy violations”, “policy violations” and “termination for violating policy”, I did not find many real-life examples of a person being fired due to violation of their organization’s policies. Many search results were related to what to do if an employee violates your organization’s rules, or what to do if you see a coworker violate the rules. I think most organizations would not find the need to publish the termination of employees due to policy violations.

2.     Go to the (ISC)2 Web site at www.isc2.org. Research the knowledge areas included in the test for the CISSP and SSCP certifications. What areas must you study that are not included in this text?

Although the question requires me to go to isc2.org, the website was not functioning, so I decided to Google CISSP and SSCP certifications instead. Besides the four main areas that are included in the test to become a CISSP (meet experience requirements, pass the exam, obtain an endorsement and prepare for an audit), I think that one should have sufficient knowledge of databases and building/maintaining websites.

3.     Using the Web, identify some certifications with an information security component that were not discussed in this chapter.

Some information security components that would be beneficial to become certified in would be Information Systems Security Engineering Professional, EC-Council Licensed Penetration Tester, GIAC Certified Penetration Tester, GIAC Security Essentials, Cybersecurity Forensic Analyst, EC-Council Certified Secure Programmer, Check Point Certified Security Expert, and Certified Secure Software Lifecycle Professional. Although time-consuming and difficult, any of the above certifications would certainly look good on anyone’s resume, especially if they are pursuing a career in IT or any career that is technology related.

4.     Search the Web for at least five job postings for a security analyst. What qualifications do the listings have in common?

Many of the job listings in the Duluth, Minnesota area have qualifications such as: specifies data and information classification, sensitivity, and need-to-know requirements by information type; performs security risk, vulnerability assessments, and business impact analysis for medium complexity information systems; validates that engineered information security and application security controls meet requirements; collaborates with IT P&T function to integrate security functions into the project management process; develops the information security awareness and training program policy and evaluates the program’s compliance with PSPs; plans and schedules the delivery of learning activities, based on learning objectives, and manages the delivery of programs of learning.


5.     Search the Web for three different employee hiring and termination policies. Review each and look carefully for inconsistencies. Do each of the policies have sections that address information security requirements? What clauses should a termination policy contain to prevent disclosure of an organization’s information? Create your own version of either a hiring policy or a termination policy.

The policies that I found did have sections that addressed information security requirements. To be successful, a termination policy should have clear guidelines on what cannot be exposed to the general population. If any information that cannot be disclosed is disclosed, the employee or party involved should be terminated immediately. If I were to create a hiring policy, I would make hiring the individual based on past experiences with information technology.