THE CISSP EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE:
· Understand the following security concepts
  o Need-to-know/least privilege; Separation of duties and responsibilities; Monitor special privileges (e.g., operators, administrators); Job rotation; Marking, handling, storing, and destroying of sensitive information and media; Record retention
· Employ resource protection
  o Media management; Asset management; Personnel privacy and safety
· Understand configuration management concepts

Many areas of day-to-day operations are susceptible to security breaches. Therefore, all standards, guidelines, and procedures should clearly define personnel management practices. Important aspects of personnel management include antivirus management and operations security.

Personnel management is a form of administrative control or administrative management. You must include clearly defined personnel management practices in your security policy and subsequent formalized security documentation. From a security perspective, personnel management focuses on three main areas: hiring practices, ongoing job performance, and termination procedures.