Flashcards

Personnel Security

Address human factor risk

This subtopic covers the management of personnel security risks such as background checks, security awareness training, termination procedures, physical security and access controls for employees, contractors and third-party vendors.

5 minutes 5 Questions

Personnel Security is a critical domain within CISSP that focuses on managing human-related security risks throughout the employee lifecycle. It encompasses the security controls and practices applied to personnel from pre-employment through termination. The process begins with pre-employment screening, which includes background checks, verification of credentials, education, employment history, and reference checks. This helps identify potential security risks before hiring. Job descriptions should clearly outline security responsibilities. Once hired, employees undergo security awareness training to understand organizational security policies, procedures, and their specific security responsibilities. Regular refresher training keeps security knowledge current. Separation of duties and rotation of duties are essential principles - the former prevents any single individual from controlling all aspects of a critical function, while the latter reduces fraud opportunities and creates cross-training. Classification of information access follows the principle of least privilege, granting employees access only to resources necessary for their job functions. Termination procedures are equally important, including prompt revocation of access privileges, return of company property, exit interviews, and legal agreements like non-disclosure or non-compete clauses. Vendor, consultant, and contractor management extends personnel security beyond direct employees. Third parties require appropriate screening, monitoring, and access controls. Personnel security also addresses workplace security concerns such as violence prevention, substance abuse policies, and privacy considerations. Effective personnel security requires collaboration between security professionals, human resources, legal departments, and management. It balances security requirements with privacy laws and employee rights. Regular auditing and compliance monitoring ensure personnel security controls remain effective, with documented policies that are consistently enforced across the organization.

Concepts covered: Personnel Risk Assessment, Security Clearance Process, Non-Disclosure and Confidentiality Agreements, Job Rotation and Separation of Duties, Incident Response and Reporting, Role-based Security Access Control, Background Checks, User Access Reviews, Security Policy Compliance Management, Termination and Offboarding Process

Test mode:

Exam (Timed)

Practice (With explanations)

Start practice test

CISSP - Personnel Security Example Questions

Test your knowledge of Amazon Simple Storage Service (S3)

Question 1

Which type of investigation is conducted for individuals occupying positions with access to sensitive information, but not classified information?

Limited Background Investigation (LBI) Phased Periodic Review (PPR) Single Scope Background Investigation (SSBI) Periodic Reinvestigation (PRI)

Correct Answer: Limited Background Investigation (LBI)

Limited Background Investigation (LBI) is conducted for individuals occupying positions with access to sensitive information, but not classified information. SSBI is for individuals requiring access to top-secret information, PPR is for lower-level positions, PRI is a follow-up to previous investigations, and PSI is conducted prior to granting access to classified information.

Question 2

What is the purpose of a personnel security incident response plan?

To conduct a background check on all employees before hiring them. To provide a coordinated approach to respond to personnel security incidents. To gather intelligence on the organization's competitors. To provide psychological counseling to employees who are experiencing personal or professional stress.

Correct Answer: To provide a coordinated approach to respond to personnel security incidents.

A personnel security incident response plan is developed to provide a coordinated approach to respond to personnel security incidents. The plan includes procedures for reporting, investigating, and documenting incidents related to personnel security. The plan should also include measures to mitigate the impact of a personnel security incident and steps to prevent similar incidents from occurring in the future.

Question 3

What is the purpose of a security clearance?

To restrict an individual's access to all information and resources within the organization To provide an individual with a false sense of security To discriminate against employees based on their personal beliefs To grant an individual access to classified information or resources based on their level of trustworthiness and reliability

Correct Answer: To grant an individual access to classified information or resources based on their level of trustworthiness and reliability

A security clearance is used to grant an individual access to classified information or resources based on their level of trustworthiness and reliability. The individual must undergo a personnel security investigation and meet certain eligibility criteria before a clearance can be granted.

Go Premium

CISSP Preparation Package (2025)

4537 Superior-grade CISSP practice questions.
Accelerated Mastery: Deep dive into critical topics to fast-track your mastery.
Unlock Effortless CISSP preparation: 5 full exams.
100% Satisfaction Guaranteed: Full refund with no questions if unsatisfied.
Bonus: If you upgrade now you get upgraded access to all courses
Risk-Free Decision: Start with a 7-day free trial - get premium features at no cost!

Start Your Free 7-Day Trial