Join the 40,000+ candidates in over 58 countries that have found a faster, better way to pass their certification exam.
Comprehensive practice exam engine!
All features in the FREE plan, plus:
Welcome to our Personnel Security module. It is important to manage your personnel security, because your personnel are most likely to affect your company's computer security. To reduce the risk from your personnel, it is important to make sure that you hire trustworthy and competent individuals to work for your company.
It is very important that you implement personnel security controls throughout the employment process. When you are advertising a position that you are looking for a candidate for, it is important to make sure that you provide a clear job description, so that you attract appropriately qualified individuals. It is important to make sure that you interview and screen your staff appropriately before hiring them and only hire these individuals once you have done proper fact checking, such as verifying their previous employment history, they're degrees and they're certifications.
It is important to provide security training for your new personnel, as well as on going training for your existing personnel. This should be done at least once a year. It is also critical to follow proper procedures when an employee separates from the company. In order to ensure the security of your company, there are several steps you should take before hiring employees and when an employee is being terminated.
Prior to hiring, you should conduct background checks, reference checks, check driving records, credit checks, which may not be legal in some states and drug screening as well to make sure that candidates are appropriate for your organization and will not prove to be a security risk. Once an employee decides to separate from the company or you decide that it is necessary to terminate employees, you should make sure that their computer accounts are disabled before you notify them that they are being terminated.
You should review any non-disclosure agreements or NDAs that are in place and make sure that your employee's questions are answered. Make sure to collect all company property, such as laptop computers, keys, ID badges. And once you have finished this process, you should make sure to escort the individual off of the property.
You should conduct an exit interview. You should also make sure that you change all combination locks or cipher locks and you should always try to be respectful, and friendly with these individuals, and treat them the way that you would want to be treated. No one wants to be terminated from their position.
And if you make this an unfriendly process, you were more likely to invite retaliation from the employee. It is very important to make sure that we are screening our candidates appropriately before hiring them. This should be done by your human resources personnel and it starts with advertising a clear job description, so that you have appropriate individuals applying. You should interview candidates in person, so that you can get an idea of who they are and you should also require proper identification and proof of citizenship as required by federal law. You should also check your employee's references and conduct background checks. Background checks include criminal history checks.
You may want to check on their driving record, if they're going to be using your vehicles or if they're going to be using their personal vehicles while on company business. You should perform a drug abuse check and also make sure to wait for the results before hiring them and you should verify the degrees, their licenses and certifications as well.
You should verify their social security number if the position requires a security clearance, then you should verify their security clearance is valid. And you should check with legal counsel before conducive any social media screening such as their face book or Twitter, because this may now be illegal in certain states.
When you do hire a new employee, you should provide them with initial security awareness training. You should make sure to present them with your company's acceptable use policy and make sure they sign a copy of this policy. If you are permitted to use contracts, this is an even better option than an AUP or Acceptable Use Policy.
You wanna make sure that your employee signs any agreements, such as non-disclosure agreements or NDA's and any intellectual property agreements. And you should never provide employees with any access to your IT resources or any confidential information until the thorough background check is complete, and this is something that you do wanna remember for the CISSP exam.
We will not let individuals access our systems until their background check has been completed and we found the results to be satisfactory. It is very important to make sure that your Acceptable Use Policy or AUP is very clear. The policy should be applied to all employees regardless of their level or position in the company and it provides for a mutual understanding between the employer, and the employee as to the conduct that will be tolerated on the information systems.
You should provide clear penalties for noncompliance and you should be sure to use easy to understand terms. The individual should not need to have a law degree to understand your Acceptable Use Policy. Employees should also be aware that if they accidentally violate the policy, they should report it immediately rather than waiting for the employer to find the violation.
It is important to consider privacy issues when monitoring your employees. You should be familiar with your local labor laws, which may prohibit you from monitoring your employees computer activities. You should also be aware of the reasonable expectation of privacy that all United States citizens have come to expect.
Before monitoring employees computer behavior and activities, you should give the employee notification that they will be monitored and have them sign a policy acknowledging the fact that they know they will be monitored. You should notify the employees that they will be monitored or you should not monitor them.
You can provide a banner as a reminder to your employees that they are being monitored and you should provide ongoing security awareness training. It is important to make sure that any monitoring is lawful to avoid any problems with law enforcement. You should not target any specific individuals. You should either monitor all employees or monitor no employees and it's also important to determine with your management staff what you'd actually like to monitor.
Are you going to do keystroke monitoring? Are you gonna use surveillance cameras? Are you listening to the employees telephone calls, reading their emails? You should attempt to come up with a standard set of policies that you will follow in this area. You can use the European Union's seven principles of workplace privacy, as a guide when attempting to come up with your privacy monitoring policies.
This concludes our Personnel Security module. Thank you for watching.
Classified by skill and ranked by difficulty. Choose to answer questions in STUDY MODE to review and you go.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.
Don’t forget what you’ve just studied! Use the intelligent reinforcement questions to stay fresh.
THANK YOU! Just bloody thank you! I’m doing the CEH minor at my college and well...I’ve learned more from this site in a few hours than I’ve learned from my school in 9 weeks about the subject. Keep up the good work!
Skillset’s Exam Engine continuously assesses your knowledge and determines when you are ready take and pass your exam. When Skillset learns that there is a gap between your knowledge and what you need to know to pass, we present you with a focused training module that gets you up to speed quickly. No fluff! Find your knowledge gaps and fill them.
Skillset is confident that we can help anyone pass their exam. If you reach 100% readiness, and you do not pass your exam, we will refund you plus pay for a replacement exam voucher. That’s how powerful our learning system is, we can offer this guarantee and stand behind our products with this no risk to you guarantee. See terms and conditions.
Don’t waste time studying concepts you have already mastered. Focus on what you need to know to pass. The Skillset Competency Diagnostic aligns our Exam Engine and Learning Plan to your baseline knowledge. This saves an average of 31% of the time required to prep for a professional certification exam.
More PRO benefits are being built all the time!