🏠 Back to Exam Syllabus πŸ“Ί RooCloud on YouTube 🌐 RooCloud Practice Exams

CISSP 2.1 - Personnel Security Policies & Procedures (Part 1 of 2)

This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series turns to the human side of security in Domain 1. Part 1 of 2 follows a hire from the written job description through screening, interviews, and onboarding, and closes with the agreements that set the rules before a new employee touches a single system.

What this episode covers

Watch the full episode above for the worked examples and detailed explanations of each concept.

Frequently Asked Questions

Humans can dodge, disable, or trick their way past any control you build β€” no lock survives a person determined to prop the door open. But the same people, once trained and motivated, become partners who watch out for the organization. Treat staff as allies you are equipping rather than a problem to contain, because every stage of a security program passes through human hands.

How does a job description shape who you hire?

It defines the role before anyone applies, spelling out the work tasks and flagging security-sensitive duties like handling classified material. Job roles map to a level of privilege, while the description maps to specific responsibilities, and those listed responsibilities become the guide for exactly which access rights you grant. Kept current after hiring, the description is the yardstick managers use to audit privilege assignments and spot access someone no longer needs.

How thorough should candidate screening be?

As thorough as the sensitivity of the position demands β€” a high-trust role earns a deeper background check than a routine one. Screening can include verifying work and education history, checking references, confirming identity, and reviewing criminal records, and depending on the job may add drug testing, credit checks, skills challenges, or a review of public social media. Laws on background checks and discrimination vary widely by region, so always clear your approach with legal counsel.

What happens during onboarding?

A qualified new hire gets integrated into the organization through a policy-driven process: reviewing and signing agreements, meeting managers and coworkers, learning how the work gets done, and orientation into the culture. Done well, it lifts satisfaction, speeds productivity, and reduces early turnover. This is also where the identity and access management system provisions the new account, granting only the minimum permissions the job needs under the principle of least privilege.

Which agreements should a new hire sign before touching a system?

The employment agreement lays out the organization’s rules, the security policy, the job details, and the consequences for violations, often pointing to a separate acceptable use policy for company equipment and resources. A nondisclosure agreement stops a current or former employee from leaking confidential information β€” unilateral covers one-way sharing, bilateral protects both sides, and multilateral covers three or more parties. A non-compete agreement restricts joining a rival within a set region and time window, though enforceability varies hard by jurisdiction.

πŸ“š Master the ISC2 CISSP Exam!

Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.


Reference: This article is based on concepts discussed in CISSP 2.1 - Personnel Security Policies & Procedures (Part 1 of 2).