Human Resources Security in Cybersecurity

Questions and Answers

Which phase of the government clearance process involves granting or denying clearance at a specific level?

Onboarding phase

Investigative phase

Application phase

Adjudication phase (correct)

What is the process of creating user accounts, assigning access rights, and providing company identification called?

Security Education and Training

Termination

User Provisioning (correct)

Employee Orientation

What is the purpose of a confidentiality or non-disclosure agreement?

To grant government clearance

To protect sensitive information (correct)

To create user accounts

To terminate an employee

What is the goal of an acceptable use agreement?

To define what information may not be disclosed

According to NIST, what is the importance of security education and training?

To protect information by ensuring role and responsibilities

What type of records fall under FERPA?

Educational records

What type of records fall under DPPA?

Motor vehicle records

What type of records are public records in most states?

Criminal history records

What type of records may not be used as the only reason to not hire someone according to Title 11 of the U.S. Bankruptcy Code?

Bankruptcies

What must new employees provide during the onboarding phase?

All of the above

Which of the following is the main purpose of security awareness campaigns?

To change employees' behavior towards security

What does the term 'user provisioning' refer to?

Creating user accounts and group memberships

What should be done before informing an employee about termination?

Lock the employee out of all systems

What should be included in an acceptable use agreement?

All of the above

What is the purpose of background checks for job candidates?

To screen job candidates for high security positions

What is the SETA model?

A model for security awareness campaigns

What is the purpose of security training?

To teach skills

What is the employee life cycle?

The process of onboarding and off-boarding employees

What is the main focus of security awareness?

To change employees' behavior towards security

Why should care be taken when advertising job openings online?

To protect the data and privacy of job seekers

Which of the following is NOT one of the stages in the employee lifecycle mentioned in the text?

Promotion

What is one of the risks of online employment ads mentioned in the text?

Revealing too much about the company's IT infrastructure

What should online job description postings NOT reveal according to the text?

Information about the company's IT infrastructure

What is the responsibility of companies regarding candidate application data mentioned in the text?

To protect the data and privacy of the job seeker

Why should interviewers be concerned about revealing too much about the company during the interview according to the text?

To prevent job candidates from gaining access to secured areas

What is one of the measures organizations should take to protect themselves when screening prospective employees according to the text?

Running extensive background checks on potential employees

What is the purpose of confidentiality and acceptable use agreements mentioned in the text?

To describe the company's commitment to security

What should organizations create according to the text?

All of the above

What is one of the rewards of online employment ads mentioned in the text?

Reaching a wide audience

What is one of the stages in the employee lifecycle mentioned in the text?

Onboarding

Study Notes

Government Clearance Process

• The phase of granting or denying clearance at a specific level is involved in the government clearance process.

User Account Creation and Access Rights

• The process of creating user accounts, assigning access rights, and providing company identification is called user provisioning.

Confidentiality and Non-Disclosure Agreements

• The purpose of a confidentiality or non-disclosure agreement is to protect sensitive information.

Acceptable Use Agreements

• The goal of an acceptable use agreement is to establish rules and guidelines for the use of company resources and systems.
• An acceptable use agreement should include rules for employee behavior and consequences for non-compliance.

Security Education and Training

• According to NIST, security education and training are important to ensure employees understand and follow security policies and procedures.

Records and Confidentiality

• Records that fall under FERPA (Family Educational Rights and Privacy Act) are education records.
• Records that fall under DPPA (Driver's Privacy Protection Act) are DMV records.
• Public records in most states include court records, property records, and other public documents.
• Bankruptcy records may not be used as the only reason to not hire someone according to Title 11 of the U.S. Bankruptcy Code.

Employee Onboarding and Termination

• New employees must provide necessary documentation and information during the onboarding phase.
• Before informing an employee about termination, all necessary documentation and procedures should be completed.
• The main purpose of security awareness campaigns is to educate employees about security risks and best practices.

Security Training and Awareness

• The purpose of background checks for job candidates is to verify the candidate's identity and check for any criminal history.
• The SETA model is a framework for security education, training, and awareness.
• The purpose of security training is to educate employees about security risks and best practices.
• The employee life cycle includes recruitment, onboarding, training, and termination.
• The main focus of security awareness is to educate employees about security risks and best practices.

Online Job Postings and Candidate Data

• Care should be taken when advertising job openings online to avoid revealing too much about the company.
• Job postings should not reveal sensitive information about the company or the position.
• Companies are responsible for protecting candidate application data and ensuring it is secure.
• Interviewers should be concerned about revealing too much about the company during the interview to prevent unauthorized access.
• Organizations should take measures to protect themselves when screening prospective employees, such as conducting thorough background checks.
• One of the risks of online employment ads is revealing too much about the company.
• One of the rewards of online employment ads is increased visibility and reach.

Responsibility and Protection

• Companies should create confidentiality and acceptable use agreements to protect sensitive information.
• Organizations should create policies and procedures for employee onboarding and termination to ensure compliance with regulations.
• One of the measures organizations should take to protect themselves is to conduct thorough background checks on prospective employees.

Description

Test your knowledge on human resources security in cybersecurity with this quiz. Learn about the relationship between cybersecurity and personnel practices, the stages of the employee lifecycle, the importance of confidentiality and acceptable use agreements, and more. Put your knowledge to the test and see how well you understand the role of human resources in maintaining cybersecurity.