Personnel Security. Stephen S. Yau, CSE465-591, Fall 2006.

Presentation transcript:

Slide 1: Personnel Security

Slide 2: What Is Personnel Security?
- Security mechanisms that reduce the risks of human error, theft, fraud, or misuse of facilities within the organization
- Not just an IT issue
- Human Resources (HR) is the main player
- Cross-reference (refer to other organizations' IA practices in HR) and provide input to HR policies

Slide 3: Types of Implementation
- Background checks
- Security clearances (government jobs only)
- Employment agreements
- Hiring and termination practices
- Job descriptions
- Job rotation
- Separation of duties and responsibilities

Slide 4: Background Checks
- Personnel controlling IT resources:
  - Security personnel
  - Net administrators
  - Managers
  - Auditors
- Support hiring decisions
- Provide some protection and assurance

Slide 5: Background Checks (Cont.)
- What can be checked on an applicant?
  - Credit (financial) report
  - SSN searches
  - Workers' compensation reports
  - Criminal record
  - Motor vehicle report
  - Education verification
  - Reference checks
  - Prior employment verification

Slide 6: Security Clearances
- Applicable to:
  - Uniformed members of the military
  - Civilian employees working for government agencies, including DoD
  - Employees of government contractors

Slide 7: Employment Agreements
- Non-competitive (non-compete) agreement:
  - The employee will not compete with the employer by engaging in any business of a similar nature as an employee, independent contractor, owner, partner, significant investor, etc.
  - May broadly limit working in the same field, even if the employee does not work for a direct competitor
  - May restrict in both time and location

Slide 8: Employment Agreements (Cont.)
- Non-disclosure agreement:
  - Used when an employer with unpatented ideas wants the employee to keep the idea confidential
  - Restricts dissemination of corporate information to entities such as competitors, press, analysts, and foreign agents

Slide 9: Hiring and Termination Practices
- Strictly HR policies
- The hiring manager is responsible for reviewing background checks
- Managers must take timely and appropriate disciplinary actions
- Applicable to contractors/sub-contractors

Slide 10: Hiring and Termination Practices (Cont.)
- From the IT perspective:
  - Starting/closing accounts
  - Notifying the employee of account information
  - Forwarding e-mail and voicemail
  - Changing locks and number combinations
  - Changing system passwords
  - Notifying all personnel
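The "closing accounts" step is only as good as the check that it actually happened. As an added example (not part of the slides), the following reconciles an HR roster against a list of system accounts and flags accounts that should have been closed; the roster, account list and field names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed sample data (not from the slides): an HR roster and the
# accounts an offboarding review would pull from the account directory.
@dataclass(frozen=True)
class Person:
    employee_id: str
    status: str                      # "active" or "terminated"
    termination_date: Optional[date] = None

@dataclass(frozen=True)
class Account:
    username: str
    employee_id: Optional[str]       # None when no HR owner is on record
    enabled: bool

HR_ROSTER = [
    Person("E100", "active"),
    Person("E101", "terminated", date(2006, 10, 2)),
    Person("E102", "terminated", date(2006, 9, 15)),
]
ACCOUNTS = [
    Account("alice", "E100", True),
    Account("bob", "E101", True),       # owner terminated, account still enabled
    Account("carol", "E102", False),    # owner terminated, correctly disabled
    Account("svc-backup", None, True),  # no HR owner: orphaned or shared account
    Account("dan", "E999", True),       # owner id unknown to HR
]

def reconcile(roster, accounts):
    """Return (username, reason) findings an offboarding review must act on."""
    people = {p.employee_id: p for p in roster}
    findings = []
    for acct in accounts:
        if acct.employee_id is None:
            findings.append((acct.username, "no HR owner on record"))
            continue
        owner = people.get(acct.employee_id)
        if owner is None:
            findings.append((acct.username, "owner id not in HR roster"))
        elif owner.status == "terminated" and acct.enabled:
            findings.append((acct.username,
                             f"enabled but owner terminated on {owner.termination_date}"))
    return findings

if __name__ == "__main__":
    for username, reason in reconcile(HR_ROSTER, ACCOUNTS):
        print(f"{username}: {reason}")
```

Running this regularly, not only at termination time, also catches the "notifying all personnel" failures where HR recorded a departure but nobody told IT.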

Slide 11: Job Descriptions
- Based on the designated sensitivity of the position
- Based on the sensitivity of the information handled
- Address the security responsibilities of the position
- Considered in performance evaluation

Slide 12: Job Rotation
- Implemented where feasible
- Discourages fraud, waste, and abuse
- Discourages collusion (secret agreement or cooperation, especially for an illegal or deceitful purpose)
- Promotes cross-training
- Often not possible in highly specialized jobs

Slide 13: Separation of Duties
- Ensure that the people checking for inappropriate use of IT resources or controls are not themselves in a position to commit the abuse
- No one individual should be responsible for completing a task involving sensitive, valuable, or critical information from beginning to end
- A person must not be responsible for approving his/her own work
- What to separate:
  - Development from production
  - Security from audit
  - Accounts payable from accounts receivable
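The three pairs above can be enforced mechanically against a role directory. As an added example (not from the slides), the following encodes them as a conflict set, reports every person holding both sides of a pair, and applies the "never approve your own work" rule; the role names and assignments are constructed for illustration.

```python
from itertools import combinations

# Conflicting role pairs taken from the slide: holding both sides of a pair
# defeats the control, because one person can then act and cover for the act.
CONFLICTING_ROLES = {
    frozenset({"development", "production"}),
    frozenset({"security", "audit"}),
    frozenset({"accounts_payable", "accounts_receivable"}),
}

# Constructed sample role assignments (not from the slides).
ASSIGNMENTS = {
    "alice": {"development"},
    "bob": {"development", "production"},   # violates dev/prod separation
    "carol": {"security"},
    "dave": {"audit", "accounts_payable"},  # allowed: not a conflicting pair
}

def sod_violations(assignments, conflicts=CONFLICTING_ROLES):
    """Return (user, role_a, role_b) for every conflicting pair a user holds."""
    found = []
    for user, roles in assignments.items():
        for a, b in combinations(sorted(roles), 2):
            if frozenset({a, b}) in conflicts:
                found.append((user, a, b))
    return found

def approval_allowed(submitter, approver, assignments, approver_role):
    """A change may be approved only by a different person holding the approver role."""
    if submitter == approver:
        return False  # nobody approves their own work
    return approver_role in assignments.get(approver, set())

if __name__ == "__main__":
    for user, a, b in sod_violations(ASSIGNMENTS):
        print(f"{user} holds conflicting roles {a} and {b}")
    print("alice approving alice:", approval_allowed("alice", "alice", ASSIGNMENTS, "production"))
    print("bob approving alice:  ", approval_allowed("alice", "bob", ASSIGNMENTS, "production"))
```

The same check applied at assignment time (before a role is granted) prevents the conflict instead of merely reporting it afterwards.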

Slide 14: Summary
- Make sure you hire only "good guys": competent, honest, and dependable people
- Make sure employees know their responsibilities
- Adopt practices that encourage people to remain good guys
- Know how to handle it if good guys are discovered to have turned bad