IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [people-management]

Organized Security education, background checks, and other efforts aimed at preventing people within an organization from being part of an attack.

People matter to security, from employees who are targets of social engineering, to architects & engineers who devise and implement security-critical policies.

People management involves preventing these people from becoming part of an attack by:

  • helping good actors act well (e.g. education)
  • filtering out bad actors (e.g. background checks)
  • preventing single points of failure (e.g. limiting intra-departmental communication)
  • managing people to help them balance security with other requirements
  • liasing between different organizations/divisions to ensure critical information reaches the people who need it.
40 questions
94
votes
4 answers

What are the career paths in the computer security field?

What sorts of jobs are there, in which organizations, with what sorts of day-to-day responsibilities? What areas are good for folks coming out of school, vs what are good 2nd careers for experienced folks coming from various disciplines?
nealmcb
  • 20,544
  • 6
  • 69
  • 116
61
votes
8 answers

What are the career paths in the (illegal) computer security field?

As a whitehat pentester I often wonder about the darkside. I see myself working in the office, and imagine that there is someone just like me in China or Romania or in their parent's basement that is pretty much doing the exact same thing, but…
rook
  • 46,916
  • 10
  • 92
  • 181
34
votes
7 answers

What are the real physical risks of casual social media publishing?

aka "how to scare my family into stopping publishing their life online?" I do not publish personal photos / opinions publicly online as a rule. I never gave hard thoughts about that but I believe that one should either explicitly put information to…
WoJ
  • 8,957
  • 2
  • 32
  • 51
33
votes
8 answers

When a sysadmin leaves what extra precautions need to be taken?

If a user leaves an organisation who knew most of the top credentials are there any other precautions that need to be taken other than changing those credentials? Obviously there is also the standard user leaving stuff like email/VPN access being…
Toby
  • 709
  • 6
  • 8
29
votes
5 answers

Professional certifications for IT Security

Which credentials of the sub-list of IT certifications (as per the Information Systems Security Association) would be considered MUST HAVE for a IT Security specialist? CEH Certified Ethical Hacker CIPP Certified Information Privacy…
Eric Warriner
  • 3,251
  • 3
  • 24
  • 20
20
votes
9 answers

How to get top management support for security projects?

I am facing an issue regarding security projects, for example: last year we bought an antivirus licence for 500 (end point security), and made a policy in order to force everyone to install it, however, at the end of year, we found out that only 50…
Akam
  • 1,327
  • 3
  • 14
  • 23
20
votes
10 answers

How to persuade average people that security matters?

If people could be fooled in life so easily ( http://www.bbc.co.uk/realhustle/ ) then in computing.... What are the best tips to persuade a regular user to pay a little more attention to security: e.g.: use HTTPS where available, up-to-date…
LanceBaynes
  • 6,149
  • 11
  • 60
  • 91
18
votes
5 answers

What questions would the Joel test for Infosec professionals consist of?

See Server Fault and the original test. In other words what are some good questions that an information security professional should ask of a prospective employer? These questions might also lend themselves to helping to improve an existing work…
sdanelson
  • 1,267
  • 10
  • 21
16
votes
8 answers

How to make people report incidents?

I would like to know how you make employees report incidents. Incident reports are a key element of an ISMS. No reports = No discovery of the incident = High chance things go out of control. We have a kind of game: people can give red cards to each…
johan vd Pluijm
  • 211
  • 2
  • 10
11
votes
4 answers

What should I ask a prospective security consultant?

What should I ask a security consultant to see if they are legitimate or not? I'm looking to hire someone to perform an assessment, but I'd like to make sure that someone is reputable first.
SLY
  • 387
  • 2
  • 8
11
votes
2 answers

Security quiz for developers

Does anyone know of a short security quiz that could be administered online, to test the security knowledge of a developer? I'm looking for something simple to administer and simple to grade, ideally something that would take a developer only a few…
D.W.
  • 98,420
  • 30
  • 267
  • 572
10
votes
1 answer

How should I manage people/technicians during an incident/outbreak?

Assume there is an incident that requires immediate response, such as a virus outbreak over email, Cryptolocker actively encrypting files, or a DOS attack. How should I approach this in a way that would not only be valued in terms of our customers…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
9
votes
1 answer

Do large online software companies limit employee access to company information?

I've been wondering about how large online software companies, specifically those based around a single massive product, like Google, Facebook, Yahoo, etc. handle the risk of terminated employees. Any employee with sufficient knowledge of internal…
TheEnvironmentalist
  • 505
  • 3
  • 10
9
votes
9 answers

Which factors should you take into account when deciding whether users should be informed of a penetration test?

Say you are conducting a penetration test of an internal network. The internal network comprises of workstations, servers and company and contractor laptops. In an ideal world, the penetration test would just go ahead, simulating what an attacker…
SilverlightFox
  • 33,408
  • 6
  • 67
  • 178
8
votes
1 answer

Background checking company requesting sensitive documents via email

In the UK it is standard for IT workers in financial services to have background checks before starting a role. It is also now normal for these background checks to be outsourced to a "specialist" company. There are only two or three companies that…
JonnyWizz
  • 1,971
  • 1
  • 14
  • 34
1
2 3