PoIS Chapter 11 Latest Exam Questions
With Guaranteed Pass Solutions.
What member of an organization should decide where the information security function belongs within
the organizational structure? Why? - Answer No one single person should decide on where the
information security belongs within the organization. Within different departments there should be
someone making decisions on where the information security function belongs depending on the need
of that department's goals and resources.
List and describe the options for placing the information security function within the organization.
Discuss the advantages and disadvantages of each option. - Answer The Information Technology
Department - Peer of Subfunction groups such as Networking, Application Development, and Help
Desk/Support (Most Common among large corporations)
Standalone Department (Growing Trend among newer companies)
Security - Peer of Physical Security or Protective Services
Administrative Services - Peer of Human Resources, Purchasing
Insurance/Risk Management
Legal Department
For each major information security job title covered in the chapter, list and describethe key
qualifications and requirements for the position. - Answer CISO -
Qualification, 4 year degree, communication, interpersonal, management skills.
Reqs:Manages the overall infosec program, Drafts/approves infoSec policies ,Works w/ CIO on strategic,
develops tacticalDevelops infosec budgets, Sets priorities for purchase/impl of infosec projects/tech,
Makes decisions/recommendations for recruiting/hiring/firing
Security Manager or Security Analyst -
, Qualifications - Bachelor's in tech, bus, or sec-related, CISSP certification, budgeting, project
management, and hiring and firing, manage technicians
Reqs:Accomplish CISO objs and resolve technician issues, General understaning of tech, Ability to draft
middle and lower level policies, standards and guidelines, Experience in trad, Manage technicians
What factors influence an organization's decisions to hire information security professionals? - Answer
Information Security Professionals are in high demand as businesses seek top candidates to protect their
organization's confidential data. According to the Bureau of Labor Statistics, the projected job growth of
these positions is expected to increase by 32 percent until 2028. When considering appropriate
candidates, organizations will mainly focus on the technical ability and knowledge needed to fill the
position during the screening process. Candidates that possess and maintain relevant certifications like
CISSP and SSCP, will often times stand out more to employers. While certifications may not guarantee a
position with every company, the ability to adapt to change within the rapidly changing field of
information security and how passionate the candidate is about their work will also be considered during
the screening process.
Prioritize the list of general attributes that organizations seek when hiring information security
professionals. - Answer 5. Prioritize the list of general attributes that organizations seek when hiring
information security professionals.
1. Always remember business over technology.
6. Speak to users, not at them.
7. Your education is never complete.
3. Your job is to protect the organization's information, never lose sight of the goal.
2. Look at the source of the problem first and determine the factors involved.
4. Be heard not seen.
What are critical considerations when dismissing an employee? Do they change according to whether
the departure is friendly or hostile, or according to which position the employee is leaving? - Answer
Critical considerations include systems access, any removable media, hard drives, files, all locks, logical
and keycard access, etc. when it comes to termination of an employee. There are slight changes based
on the type of termination, whether it is friendly or hostile, as a friendly departure is usually planned in
advance. Hostile terminations need to restrict access to all points immediately or as soon as possible
once the decision is reached. Good security practices would say to treat every termination as a hostile
departure in case anything may have gone awry in the employee's psyche. The more access the
employee has, the more important the termination process becomes, and the more important legal
documents like Non-Disclosure Agreements come into play.
