MANAGE的MENT of INFORMATION SECURITY_Ch10.pptVIP

* Certification Costs Certifications cost money, and the preferred certifications can be expensive. Given the nature of the knowledge needed to pass the examinations, most experienced professionals find it difficult to do well on them without at least some review. Certifications are designed to recognize experts in their respective fields, and the cost of certification deters those who might otherwise take the exam just to see if they can pass. Most examinations require between two and three years of work experience, and they are often structured to reward candidates who have significant hands-on experience. * Employment Policies and Practices The general management community of interest should integrate solid information security concepts across all of the organization’s employment policies and practices. Including information security responsibilities into every employee’s job description and subsequent performance reviews can make an entire organization take information security more seriously. * Security Considerations for Non-employees Many individuals who are not employees often have access to sensitive organizational information. Relationships with individuals in this category should be carefully managed to prevent threats to information assets from materializing. * Temporary Workers Because Temporary workers are not employed by the organization for which they’re working, however, they may not be subject to the contractual obligations or general policies that govern other employees. Unless specified in its contract with the organization, the temp agency may not be liable for losses caused by its workers. From a security standpoint, access to information for these individuals should be limited to what is necessary to perform their duties. * Contract Employees While professional contractors may require access to virtually all areas of the organization to do their jobs, service contractors usually need access only to specific facilities, and they s