question about best practices
41 views
Skip to first unread message
Nick79
Oct 10, 2018, 11:48:14 AM10/10/18
to cissp...@googlegroups.com
Hi, Need some feedback on this question
Assume a scenario where you join a new company and you notice users not locking their workstations when they step out, users writing passwords in plain text at their cubicles, network ports on the walls being open for any visitor to connect ? What is the first thing you should do in such a case ?
a) Inform the company's board (upper management) b) Take action yourself such as configuring computer lockout policy, thrashing the scribbled passwords, shutdown the network ports c) Inform the manager of the respective users d ) Inform your supervisor
I am guessing answer is d) inform your supervisor ?
Anil Kumar K
Oct 10, 2018, 11:56:21 AM10/10/18
to cissp...@googlegroups.com
I would go with C, Inform the manager of the respective users. Users report their respective managers so bringing to their attention would be recommended.
Get Outlook for iOS
From: cissp...@googlegroups.com <cissp...@googlegroups.com> on behalf of Nick79 <neeraj...@gmail.com>
Sent: Wednesday, October 10, 2018 9:18:14 PM
To: CISSP Study Mailing List
Subject: [CCCure_CISSP_Talks] question about best practices
Sent: Wednesday, October 10, 2018 9:18:14 PM
To: CISSP Study Mailing List
Subject: [CCCure_CISSP_Talks] question about best practices
Hi, Need some feedback on this question
Assume a scenario where you join a new company and you notice users not locking their workstations when they step out, users writing passwords in plain text at their cubicles, network ports on the walls being open for any visitor to connect ?
a) Inform the company's board (upper management) b) Take action yourself such as configuring computer lockout policy, thrashing the scribbled passwords, shutdown the network ports c) Inform the manager of the respective users d ) Inform your supervisor
I am guessing answer is d) inform your supervisor ?
--
===========================================================
Another resource brought to you by CCCure for our Learners
Having any issues, contact us at: sup...@cccure.com
Visit our NEW quiz at: https://cccure.education/
Visit our learning portal at: https://cccure.training
Visit the CCCure web store at: https://www.cccure.com
===========================================================
---
You received this message because you are subscribed to the Google Groups "CISSP Study Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cissptalks+...@googlegroups.com.
To post to this group, send email to cissp...@googlegroups.com.
Visit this group at https://groups.google.com/group/cissptalks.
To view this discussion on the web visit https://groups.google.com/d/msgid/cissptalks/8097509d-7141-437e-b85b-1580efc0fa52%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
===========================================================
Another resource brought to you by CCCure for our Learners
Having any issues, contact us at: sup...@cccure.com
Visit our NEW quiz at: https://cccure.education/
Visit our learning portal at: https://cccure.training
Visit the CCCure web store at: https://www.cccure.com
===========================================================
---
You received this message because you are subscribed to the Google Groups "CISSP Study Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cissptalks+...@googlegroups.com.
To post to this group, send email to cissp...@googlegroups.com.
Visit this group at https://groups.google.com/group/cissptalks.
To view this discussion on the web visit https://groups.google.com/d/msgid/cissptalks/8097509d-7141-437e-b85b-1580efc0fa52%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Neeraj Shah
Oct 10, 2018, 11:58:33 AM10/10/18
to cissp...@googlegroups.com
Hi anil, I just edited the question. The question is "what is the first thing you would do in such a case".,
Would you still say C then?
To view this discussion on the web visit https://groups.google.com/d/msgid/cissptalks/BLUPR0301MB1972F0699D1E3A448B9E0477ABE00%40BLUPR0301MB1972.namprd03.prod.outlook.com.
Anil Kumar K
Oct 10, 2018, 12:33:03 PM10/10/18
to cissp...@googlegroups.com
Being a new to company and doing the first thing is to informing your supervisor is just fine. However I don’t see how that helps unless the problematic users manager is aware of the things.
So I would still go with C.
Get Outlook for iOS
From: cissp...@googlegroups.com <cissp...@googlegroups.com> on behalf of Neeraj Shah <neeraj...@gmail.com>
Sent: Wednesday, October 10, 2018 9:28:22 PM
To: cissp...@googlegroups.com
Subject: Re: [CCCure_CISSP_Talks] question about best practices
Sent: Wednesday, October 10, 2018 9:28:22 PM
To: cissp...@googlegroups.com
Subject: Re: [CCCure_CISSP_Talks] question about best practices
To view this discussion on the web visit
https://groups.google.com/d/msgid/cissptalks/CAP10WQd_gVsRgT%3DenneDZyuuRJNrOOG4xWWbhQiD%2BstZpiFzeQ%40mail.gmail.com.
Neeraj Shah
Oct 10, 2018, 1:22:32 PM10/10/18
to cissp...@googlegroups.com
Typically in a company we would go thru a process of informing our own supervisor/manager first before notifying other team's manager else own manager may feel he was not even kept in the loop. That is why i am more inclined towards D:
Hi Clement, can we get your opinion on this question please ?
To view this discussion on the web visit https://groups.google.com/d/msgid/cissptalks/BLUPR0301MB1972AF1164300E93D77A4877ABE00%40BLUPR0301MB1972.namprd03.prod.outlook.com.
CCCure Support
Oct 10, 2018, 2:12:02 PM10/10/18
to CISSPtalks
Good day, to all,
This is an interesting discussion, however, it seems people are
thinking too technically and not from a management perspective.
There are two basic ways to many security, the two approaches are
TOP-DOWN and BOTTOM UP.
The TOP-DOWN approach is always the best approach and the one that
should always be used.
The BOTTOM UP is a great recipe for total failure. I tell my
supervisor who tells his supervisor who hopefully brings it up the
management chain and hopefully something gets done. NOT A NICE WAY of
doing business.
Remember, the first step in having great security is to have
MANAGEMENT onboard and it has to be driven from the top down.
Myself, just looking at the questions quickly without looking at any
reference or sources, I would lean toward choice A.
Some of you may be thinking that you never walk into the presidential
office and tell him or her that something is wrong.
You are correct, a well-established security plan would include
policies and some type of incident report. Through the report or the
incident response plan, the issue would be communicated to upper
management.
Just my two cents
Best regards
Clement
> To view this discussion on the web visit https://groups.google.com/d/msgid/cissptalks/CAP10WQdqV-icOK9cJ4uSpy%2BL8yz0xig43H3NfvM3cR1fSTqnrg%40mail.gmail.com.
---------------------------------------------------------------------------------------------
Clement Dupuis, CD
CCCure Owner and Founder
Chief Learning Officer (CLO) and Security Evangelist
The CCCure Family of Portals
GCFW, GCIA, Security+ 301, CEH V7, CCSA, CCSE, + 12 others
For support or queries send an email to: Sup...@CCCure.Com
----------------------------------------------------------------------------------------------
Maintainer of :
The CCCure Learning Portal - Find the best Security Tutorials
The CCCure Quiz Engine
Knowledge sharing and giving back to the community
This is an interesting discussion, however, it seems people are
thinking too technically and not from a management perspective.
There are two basic ways to many security, the two approaches are
TOP-DOWN and BOTTOM UP.
The TOP-DOWN approach is always the best approach and the one that
should always be used.
The BOTTOM UP is a great recipe for total failure. I tell my
supervisor who tells his supervisor who hopefully brings it up the
management chain and hopefully something gets done. NOT A NICE WAY of
doing business.
Remember, the first step in having great security is to have
MANAGEMENT onboard and it has to be driven from the top down.
Myself, just looking at the questions quickly without looking at any
reference or sources, I would lean toward choice A.
Some of you may be thinking that you never walk into the presidential
office and tell him or her that something is wrong.
You are correct, a well-established security plan would include
policies and some type of incident report. Through the report or the
incident response plan, the issue would be communicated to upper
management.
Just my two cents
Best regards
Clement
---------------------------------------------------------------------------------------------
Clement Dupuis, CD
CCCure Owner and Founder
Chief Learning Officer (CLO) and Security Evangelist
The CCCure Family of Portals
GCFW, GCIA, Security+ 301, CEH V7, CCSA, CCSE, + 12 others
For support or queries send an email to: Sup...@CCCure.Com
----------------------------------------------------------------------------------------------
Maintainer of :
The CCCure Learning Portal - Find the best Security Tutorials
The CCCure Quiz Engine
Knowledge sharing and giving back to the community
Venky T
Oct 10, 2018, 2:32:30 PM10/10/18
to cissp...@googlegroups.com
Thanks for the great explanation Clement. In the CISSP exam, we have to answer like a Security Manager or Supervisor. Hence I also go with answer "A"
-- V.T.
To view this discussion on the web visit https://groups.google.com/d/msgid/cissptalks/CAA3tmKuiff-W15%2BBmBd9rikdYszfppQrFm3n9ZF2ad8ke9a_ig%40mail.gmail.com.
Neeraj Shah
Oct 10, 2018, 2:48:39 PM10/10/18
to cissp...@googlegroups.com
Thanks Clement.
To view this discussion on the web visit https://groups.google.com/d/msgid/cissptalks/CAHHe5JvjpESu7B0bQaOvrwLzEaNyaFCHVKAjiJmGE2HixyEHdg%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages