Its 370

Nan Hu

Chapter 11

1. Search your library's database and the Web for an article about people who violate their organization's policy and are terminated. Did you find many? Why or why not?

I did a search on the library's database, and I didn't really find any information about people who violate their organization's policy, because not every organization is required to share every piece of information it has, and they are also not required to share any information they don't want to. Many times they are just required to remain silent.

2. Go to the (ISC)Web site at Research the knowledge areas included in the tests for the CISSP and SSCP certifications. What areas must you study that are not included in this text?

CISSP is the most-esteemed cybersecurity certification in the world. The CISSP recognizes information security leaders who understand cybersecurity strategy, as well as hands-on implementation. It shows you have the knowledge and experience to design, develop and manage the overall security posture of an organization.

The SSCP certification validates your knowledge and experience. It's a way to be taken more seriously. SSCPs have a voice in decisions, and their teams value their advice.

The SSCP can spark career growth. It can lead to higher pay, promotions, more complex work, exciting challenges, project lead roles and even better jobs.

The SSCP not only proves your knowledge, it helps you develop new skills you can instantly apply in your day-to-day work. And you'll stay up-to-date on emerging security threats.

3. Using the Web, identify some certifications with an information security component that were not discussed in this chapter.


When we talk about confidentiality of information, we are talking about protecting the information from disclosure to unauthorized parties.

Information has value, especially in today's world: bank account statements, personal information, credit card numbers, trade secrets, government documents. Everyone has information they wish to keep secret. Protecting such information is a major part of information security.

A key component of protecting information confidentiality is encryption. Encryption ensures that only the right people (people who know the key) can read the information. Encryption is very widespread in today's environment and can be found in almost every major protocol in use. A prominent example is SSL/TLS, a security protocol for communications over the internet that has been used in conjunction with a large number of internet protocols to ensure security.


Integrity of information refers to protecting information from being modified by unauthorized parties.

Information only has value if it is correct. Information that has been tampered with could prove costly. For example, if you were sending an online money transfer for $100, but the information was tampered in such a way that you actually sent $10,000, it could prove to be very costly for you.

As with data confidentiality, cryptography plays a major role in ensuring data integrity. Commonly used methods to protect data integrity include hashing the data you receive and comparing it with the hash of the original message. However, this means that the hash of the original data must be provided to you in a secure fashion. A more convenient method is to use an existing scheme such as GPG to digitally sign the data.
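The hash-comparison check described above, applied to the $100 transfer example, as an added illustration that is not part of the original answer. The message format, key and function names are constructed for the demo, and a keyed HMAC stands in for the GPG signature the text mentions.

```python
import hashlib
import hmac

# Constructed sample data: the $100 transfer from the text and its tampered form.
ORIGINAL = b"transfer amount=100 to=acct-0001"
TAMPERED = b"transfer amount=10000 to=acct-0001"
# Assumption: sender and receiver exchanged this key securely beforehand.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_hash(message: bytes, expected_hex: str) -> bool:
    """Compare the received message's SHA-256 with a reference digest."""
    return hmac.compare_digest(sha256_hex(message), expected_hex)


def make_tag(key: bytes, message: bytes) -> str:
    """Keyed digest: cannot be recomputed without the shared key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    return hmac.compare_digest(make_tag(key, message), tag)


def demo() -> dict:
    # Reference digest delivered "in a secure fashion" (separate trusted channel).
    trusted_digest = sha256_hex(ORIGINAL)
    # Digest shipped alongside the message: whoever alters the message
    # can simply recompute it, so the comparison proves nothing.
    in_band_digest = sha256_hex(TAMPERED)
    tag = make_tag(SHARED_KEY, ORIGINAL)
    return {
        "in_band_hash_accepts_tampered": verify_hash(TAMPERED, in_band_digest),
        "trusted_hash_accepts_tampered": verify_hash(TAMPERED, trusted_digest),
        "trusted_hash_accepts_original": verify_hash(ORIGINAL, trusted_digest),
        "hmac_accepts_tampered": verify_tag(SHARED_KEY, TAMPERED, tag),
        "hmac_accepts_original": verify_tag(SHARED_KEY, ORIGINAL, tag),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Only the first case accepts the tampered transfer, which is why the reference hash has to arrive over a channel the modifier cannot reach, or be replaced by a keyed tag or signature.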


4. Search the Web for at least five job postings for a security analyst. What qualifications do the listings have in common?



They all require skills in: LDAP-Active Directory, Netscape Directory, or Open LDAP and UNIX Security Architect.

5. Search the Web for three different employee-hiring and termination policies. Review each and look carefully for inconsistencies. Do each of the policies have sections that address information security requirements? What clauses should a termination policy contain to prevent disclosure of an organization's information? Create your own version of either a hiring policy or a termination policy.

Yes, they all have sections that address information security requirements. The information security clauses should a termination policy to prevent disclosure of an organization's information.

Disciplinary Termination

Inasmuch as most states in the United States follow the traditional "employment-at-will" doctrine, employers are generally free to discharge an employee for any reason not expressly prohibited by law. However, if the reason for discharge seems unreasonable, the reason may be deemed a pretext for discrimination or some other unlawful motive should litigation follow the discharge. Therefore, it is in the best interest of all employers to carefully document the reasons for terminating an employee and make every effort to avoid arbitrary and capricious terminations.