Questions tagged [people-management]

Organized security education, background checks, and other efforts aimed at preventing people within an organization from being part of an attack.

People matter to security, from employees who are targets of social engineering, to architects & engineers who devise and implement security-critical policies.

People management involves preventing these people from becoming part of an attack by:

  • helping good actors act well (e.g. education)
  • filtering out bad actors (e.g. background checks)
  • preventing single points of failure (e.g. limiting intra-departmental communication)
  • managing people to help them balance security with other requirements
  • liaising between different organizations/divisions to ensure critical information reaches the people who need it.
40 questions
7 votes, 3 answers

Theory X vs Theory Y in social engineering

Theory X and Theory Y are two models of human motivation, often used when discussing people-management in business. In short, Theory X postulates people are lazy, will avoid work, and require incentives, whereas Theory Y postulates that people are…
Polynomial
6 votes, 5 answers

Does IT policy apply to the Board of Directors? What policies do apply?

What is your experience with applying IT policy to the Board of Directors? Please mention the country and industry you have experience in, since the advice you're sharing may or may not be the same across all industries. [Edit] It isn't uncommon…
makerofthings7
6 votes, 4 answers

What types of background checks of employees are state-of-the-art?

A high security environment requires trust in the integrity of the employees. I am talking about administrators, developers and everyone else who could compromise the security easily. One way to reduce the risk is the application of the four-eyes…
Demento
6 votes, 1 answer

How do people keep track of their employee's privileged accounts?

I am curious how the community here keeps track of a user's accounts. For instance, in the event of an employee transitioning from the company, how does security make sure that all user accounts the user had access to are in fact revoked. Active…
appsecguy
6 votes, 2 answers

Outsourcing security evaluation

Does anyone have any experience with outsourcing security code review via freelance sites (like Rent-a-coder, Elance, Guru, Getafreelancer, etc.)? Is this effective? What are the best practices? Are there any pitfalls? Does anyone have any…
D.W.
6 votes, 2 answers

Security Manager job description

I work in a growing, family-owned business. The company has 300 employees and has landed some big clients who require major policy changes in order to give us their continued business. Among those changes is the development and implementation of a…
mipnix
6 votes, 4 answers

When should I use the word hacker, cracker, or black hat?

Everybody seems to have their own meaning of the word "hacker". To some, it's the good-guy vigilante with some non-professional characteristics. To others, it's the aggressor, bad-guy, cracker, or black hat that exploits for personal gain (money,…
makerofthings7
5 votes, 2 answers

Managing a team of IDS experts; how would you organize your team?

Suppose you are managing a team of Intrusion Detection Experts: ...what functional areas of the IDS knowledge space would you group your team into? ...how would you structure your team? ...how would you measure success?
makerofthings7
5 votes, 3 answers

security performance criteria in employee reviews

Have any of you security professionals been able to get security performance metrics into reviews that managers conduct for their employees? If so, are there any helpful resources you could share to make that happen?
user35603
5 votes, 2 answers

Standards for hiring trusted personnel - American or Canadian Government?

Is anyone familiar with an ISO standard outlining the hiring of labour for vendors being hired by DHS or Canadian government? I've found security standards but nothing for hiring practices. Edit for clarification. Our company will be selling to the…
5 votes, 3 answers

What key attributes indicate candidate potential for future success in a security career?

So you are looking to hire a fresh graduate to work in an entry-level/trainee IT security role that covers a wide range of tasks: vulnerability research, penetration testing, secure software engineering. Assuming that you will invite to interview…
sjp
5 votes, 2 answers

Recommendations for documenting security code review

How should I document the results of a security code review? Does anyone know of any resources for reviewers that provide guidance on how they should document their findings? Maybe a document that describes best practices or makes recommendations…
D.W.
4 votes, 2 answers

What personal traits and characteristics do you look for in an IT Security pro?

IT Security Pros are very smart people who need to give your environment the respect and care that the business requires. Part 1 What are the traits you look for in an employee before approving them for sensitive access (root passwords,…
makerofthings7
4 votes, 0 answers

How to make sure that previous sysadmin has not compromised corporate IT security?

Possible Duplicate: When a sysadmin leaves what extra precautions need to be taken? A company has been maintaining ALL its internal and external (like google emails, apps, etc.) IT systems (computers, servers, networks, web sites, security keys…
3 votes, 3 answers

System Hardening: Outsource to Security Expert or have Sys Admin do it?

Can any of you security experts help me make a decision on how to deal with staffing for an initial hardening for an Apache server running MySQL and PHP? We are working on a new site and have to do initial hardening, and I don't know if we should have…