As the head of the research and development department, you are authorizing colleagues in your department access to resources. Which of the following best justifies your authorization decision?
A. Background check
B. Security clearance
C. Job description
D. Separation of duties
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. Job description.
The job description is one of the outputs of job design that considers the principle of “separation of duties” and entails the HR and RD departments’ collaboration. The job description is one of the most important sources to determine need-to-know because it comprises the job position’s responsibilities and duties.
The background check or security clearance is conducted before employment and is typically conducted regularly for some levels of employees or positions. A security clearance is a formal background check process in government departments or agencies; it supports mandatory access control (MAC) based on labels or lattices. Moreover, your authorization implies discretionary access control (DAC) based on need-to-know.
Job design is the process of organizing work into the tasks required to perform a specific job. Job design involves the conscious efforts to organize tasks, duties and responsibilities into a unit of work to achieve certain objectives. An HR manager should have a keen interest in the design and specification of individual jobs within the organization. (K Rajguru)
Reference
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.
作為研發部門的負責人,您正在授權部門中的同事存取資源的權限。 以下哪一項是您這樣做的最關鍵依據?
A. 背景調查 (background check)
B. 安全檢查 (security clearance)
C. 職位描述 (job description)
D. 職責分離 (separation of duties)
Pingback: 職位描述 (job description) – Choson資安大小事