Human Resources Security in Cybersecurity

Questions and Answers

Which of the following is a stage in the employee lifecycle?

Recruitment (correct)

Sales

Marketing

Finance

What is the purpose of confidentiality and acceptable use agreements?

To protect the data and privacy of the job seeker (correct)

To reveal information about the company's IT infrastructure

To outline the responsibilities of the job seeker

To provide security education and training

What should online job description postings avoid revealing?

Information about the company's IT infrastructure (correct)

The company's commitment to security

The position responsibilities

The mission of the organization

Why should job candidates never gain access to secured areas during an interview?

To avoid revealing too much about the company

What should organizations do to protect themselves when screening prospective employees?

Run extensive background checks on potential employees

What is the purpose of running extensive background checks on potential employees?

To protect the data and privacy of the job seeker

What are the risks of online employment ads?

Revealing information about the company's IT infrastructure

What is the relationship between cybersecurity and personnel practices?

Personnel practices play a crucial role in cybersecurity

What should companies do to protect the data and privacy of job seekers?

Run extensive background checks

What should be included in security education, training, and awareness programs?

Confidentiality and acceptable use agreements

Which phase of the government clearance process involves the granting or denial of clearance at a specific level?

Adjudication phase

What is user provisioning?

Creating user accounts and group memberships

What should be provided to a new employee during the onboarding phase?

All of the above

What is the purpose of a confidentiality or non-disclosure agreement?

To protect sensitive information

What is an acceptable use agreement?

A policy contract between the company and information systems user

According to NIST, what is the importance of security education and training?

To train employees on cybersecurity

What is the purpose of the background check phase?

To gather only relevant information about the work employees perform

What falls under FERPA in the context of background checks?

Educational records

What is the main concern during the termination phase?

The disclosure of sensitive information by the terminated employee

Why is training workers to defend against social engineering attacks important?

To protect sensitive information

Which of the following is NOT true about security awareness campaigns?

They are a form of training

What should be done when advertising job openings online to protect security?

Take care not to give away any information that could compromise security

What is the purpose of an acceptable use agreement?

To define data classifications and handling standards

What is included in the employee life cycle?

Recruitment, onboarding, user provisioning

How should termination be handled to ensure security?

Lock the employee out of all systems before informing them

What is the purpose of background checks in the hiring process?

To screen job candidates

What is the main difference between security awareness and security training?

Security awareness focuses on changing employee behavior, while security training teaches skills

What should employees do before receiving access to systems and equipment?

Sign an acceptable use agreement

What should be avoided during job interviews to protect security?

Giving away too much company information

What does user provisioning involve?

Creating user accounts and group memberships