
Identification of Threats

CISSP

In the CISSP context, Identification of Threats covers the personnel-security controls an organization applies before and while it grants people access: every individual and external entity working with the organization is vetted up front and monitored afterwards. Exercising due diligence here reduces the risk that arises from the human element in information security, whether through malice, negligence, or social engineering.

Steps in Identification of Threats:

  1. Develop Job Descriptions:
    • Clearly define the roles and responsibilities of each position within the organization.
    • State the qualifications and skills required, the security responsibilities attached to the role, and the sensitivity of the information and systems it will access, since this determines how much screening the position warrants.
  2. Contact References:
    • Verify the candidate’s previous employment and conduct reference checks.
    • Obtain information on the candidate’s work history, behavior, and reliability, and compare it against what the candidate claimed.
  3. Screen/Investigate Background:
    • Conduct background checks proportionate to the role, including criminal history, financial records, and other relevant investigations, within the limits of applicable privacy and employment law.
    • Evaluate the candidate’s past behavior and trustworthiness, especially for roles involving sensitive information, and repeat screening periodically for positions of high trust rather than treating it as a one-time hiring step.
  4. Develop Confidentiality Agreements:
    • Ensure that all employees, contractors, vendors, and consultants sign confidentiality and non-disclosure agreements (NDAs) before they are given access.
    • These agreements should state the individual’s responsibility to protect sensitive information, the consequences of non-compliance, and that the obligations continue after the employment or engagement ends.
  5. Determine Policy on Vendor, Contractor, Consultant, and Temporary Staff Access:
    • Define policies governing the access rights of external entities such as vendors, contractors, and consultants.
    • Implement access controls that limit their access to only the information and systems necessary for their work (least privilege), with access that is time-bound, reviewed periodically, and revoked when the engagement ends.
    • Ensure that temporary staff undergo the same vetting as permanent staff in equivalent roles; short tenure does not reduce the sensitivity of the access granted.

DUE DILIGENCE:

  • Due diligence in this context refers to the organization’s responsibility to take all reasonable measures to identify and mitigate the threats associated with hiring and with granting access to individuals, whether internal staff or external entities.
  • It goes beyond compliance with legal and regulatory requirements: the organization must also confirm that the processes in place are actually sufficient to protect it from the threats it has identified, and be able to demonstrate that they were followed.

This approach is essential for managing risks related to human resources and external interactions, which can be significant vectors for security threats.
