Human Resources Security in Cybersecurity

Questions and Answers

Which of the following is a stage in the employee lifecycle?

• Recruitment (correct)
• Sales
• Marketing
• Finance

What is the purpose of confidentiality and acceptable use agreements?

• To protect the data and privacy of the job seeker (correct)
• To reveal information about the company's IT infrastructure
• To outline the responsibilities of the job seeker
• To provide security education and training

What should online job description postings avoid revealing?

• Information about the company's IT infrastructure (correct)
• The company's commitment to security
• The position responsibilities
• The mission of the organization

Why should job candidates never gain access to secured areas during an interview?

To avoid revealing too much about the company (D)

What should organizations do to protect themselves when screening prospective employees?

Run extensive background checks on potential employees (D)

What is the purpose of running extensive background checks on potential employees?

To protect the data and privacy of the job seeker (A)

What are the risks of online employment ads?

Revealing information about the company's IT infrastructure (D)

What is the relationship between cybersecurity and personnel practices?

Personnel practices play a crucial role in cybersecurity (A)

What should companies do to protect the data and privacy of job seekers?

Run extensive background checks (A)

What should be included in security education, training, and awareness programs?

Confidentiality and acceptable use agreements (C)

Which phase of the government clearance process involves the granting or denial of clearance at a specific level?

Adjudication phase (B)

What is user provisioning?

Creating user accounts and group memberships (A)

What should be provided to a new employee during the onboarding phase?

All of the above (D)

What is the purpose of a confidentiality or non-disclosure agreement?

To protect sensitive information (D)

What is an acceptable use agreement?

A policy contract between the company and information systems user (D)

According to NIST, what is the importance of security education and training?

To train employees on cybersecurity (B)

What is the purpose of the background check phase?

To gather only relevant information about the work employees perform (A)

What falls under FERPA in the context of background checks?

Educational records (D)

What is the main concern during the termination phase?

The disclosure of sensitive information by the terminated employee (A)

Why is training workers to defend against social engineering attacks important?

To protect sensitive information (A)

Which of the following is NOT true about security awareness campaigns?

They are a form of training (A)

What should be done when advertising job openings online to protect security?

Take care not to give away any information that could compromise security (A)

What is the purpose of an acceptable use agreement?

To define data classifications and handling standards (B)

What is included in the employee life cycle?

Recruitment, onboarding, user provisioning (B)

How should termination be handled to ensure security?

Lock the employee out of all systems before informing them (D)

What is the purpose of background checks in the hiring process?

To screen job candidates (B)

What is the main difference between security awareness and security training?

Security awareness focuses on changing employee behavior, while security training teaches skills (D)

What should employees do before receiving access to systems and equipment?

Sign an acceptable use agreement (A)

What should be avoided during job interviews to protect security?

Giving away too much company information (B)

What does user provisioning involve?

Creating user accounts and group memberships (C)

Flashcards are hidden until you start studying