1. When an organization undertakes an information security-driven review of job descriptions, which job descriptions must be reviewed? Which IT jobs not directly associated with information security should be reviewed?
2. List and describe the criteria for selecting information security personnel.
4. What attributes do organizations seek in a candidate when hiring information security professionals? Prioritize this list of attributes and justify your ranking.
5. What are the critical issues that management must consider when dismissing an employee? Do these issues change based on whether the departure is friendly or hostile?
9. What functions does the CISO perform, and what are the key qualifications and requrements for the position?
10. What functions does the security manager perform, and what are the key qualifications and requirements of the position?
11. What functions does the security technician perform, and what are the key qualifications and requirements for the position.
12. What functions does the internal security consultant perform, and what are the key qualifications and requirements for the position?
13. What is the rationale for acquiring professional credentials?
14. List and describe the certification credentials available to information security professionals.
19. What is separation of duties? How can this method be used to improve and organizations information security practices?
20. What is least privilege? Why is implementing least privilege important?