
Slide 1: Personnel Security
Stephen S. Yau, CSE465-591, Fall 2006

Slide 2: What Is Personnel Security?
- Security mechanisms that reduce the risks of human error, theft, fraud, or misuse of facilities within the organization
- Not just an IT issue
- Human Resources (HR) is the main player
- Cross-reference (refer to other organizations' IA practices in HR) and provide input to HR policies

Slide 3: Types of Implementation
- Background checks
- Security clearances (government jobs only)
- Employment agreements
- Hiring and termination practices
- Job descriptions
- Job rotation
- Separation of duties and responsibilities

Slide 4: Background Checks
- Personnel controlling IT resources:
  - Security personnel
  - Network administrators
  - Managers
  - Auditors
- Support hiring decisions
- Provide some protection and assurance

Slide 5: Background Checks (Cont.)
- What can be checked on an applicant?
  - Credit (financial) report
  - SSN searches
  - Workers' compensation reports
  - Criminal record
  - Motor vehicle report
  - Education verification
  - Reference checks
  - Prior employment verification

Slide 6: Security Clearances
- Applicable to:
  - Uniformed members of the military
  - Civilian employees working for government agencies, including DoD
  - Employees of government contractors

Slide 7: Employment Agreements
- Non-compete:
  - The employee will not compete with the employer by engaging in any business of a similar nature as an employee, independent contractor, owner, partner, significant investor, etc.
  - May broadly limit the employee from working in the same field, even if the employee does not work for a direct competitor
  - May restrict both time and location

Slide 8: Employment Agreements (Cont.)
- Non-disclosure:
  - Used when an employer with unpatented ideas wants employees to keep the idea confidential
  - Restricts dissemination of corporate information to entities such as competitors, press, analysts, and foreign agents

Slide 9: Hiring and Termination Practices
- Strictly HR policies
- The hiring manager is responsible for reviewing background checks
- Managers must take timely and appropriate disciplinary action
- Applicable to contractors/sub-contractors

Slide 10: Hiring and Termination Practices (Cont.)
- From the IT perspective:
  - Starting/closing accounts
  - Notifying the employee of account information
  - Forwarding email and voice-mail
  - Changing locks and number combinations
  - Changing system passwords
  - Notifying all personnel

Slide 11: Job Descriptions
- Based on designated position sensitivity
- Based on the sensitivity of the information handled
- Address the security responsibilities of the position
- Considered in performance evaluation

Slide 12: Job Rotation
- Implemented where feasible
- Discourages fraud, waste, and abuse
- Discourages collusion (secret agreement or cooperation, especially for an illegal or deceitful purpose)
- Promotes cross-training
- Often not possible in highly specialized jobs

Slide 13: Separation of Duties
- Ensure that the people checking for inappropriate use of IT resources or controls are not themselves in a position to commit the abuse
- No one individual should be responsible for completing a task involving sensitive, valuable, or critical information from beginning to end
- A person must not be responsible for approving his/her own work
- What to separate:
  - Development from production
  - Security from audit
  - Accounts payable from accounts receivable
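The separation-of-duties rules above are usually enforced in software rather than left to policy text: a role check that flags anyone holding both halves of a conflicting pair, and an approval gate that rejects self-approval. The following is an added example written for this page, not code from the slides or the course; the duty names, the conflicting-pair table, the change-request workflow and the sample staff assignments are all hypothetical, constructed to mirror the three pairs the slide lists.

```python
from dataclasses import dataclass, field

# Hypothetical conflicting-duty pairs, taken from the slide's "what to separate" list.
# A single person must never hold both duties of one pair.
CONFLICTING_DUTIES = {
    frozenset({"development", "production"}),
    frozenset({"security", "audit"}),
    frozenset({"accounts_payable", "accounts_receivable"}),
}

# Constructed sample role assignments (person -> set of duties); not real data.
ASSIGNMENTS = {
    "alice": {"development"},
    "bob": {"production"},
    "carol": {"development", "production"},  # violates development/production separation
    "dave": {"security", "audit"},           # violates security/audit separation
    "erin": {"accounts_payable"},
}


def conflicting_assignments(assignments):
    """Return sorted (person, duty_a, duty_b) triples for every person who holds
    both duties of a conflicting pair. An empty list means the assignment table
    satisfies the separation-of-duties rule."""
    violations = []
    for person, duties in assignments.items():
        for pair in CONFLICTING_DUTIES:
            if pair <= set(duties):  # person holds both halves of the pair
                duty_a, duty_b = sorted(pair)
                violations.append((person, duty_a, duty_b))
    return sorted(violations)


@dataclass
class ChangeRequest:
    """A hypothetical change to a production system awaiting approval."""
    request_id: str
    author: str
    approvers: list[str] = field(default_factory=list)


def approval_check(request, assignments, required_approvals=1):
    """Return the list of reasons a change request cannot proceed (empty = approved).

    Enforced rules (the slide's "must not approve his/her own work"):
      * the author of the change is never a valid approver of it,
      * an approver must hold the 'production' duty (the side that owns deployment),
      * at least `required_approvals` distinct valid approvers are needed.
    """
    reasons = []
    for approver in request.approvers:
        if approver == request.author:
            reasons.append(f"{approver} approved their own change {request.request_id}")
        elif "production" not in assignments.get(approver, ()):
            reasons.append(f"{approver} is not a production approver")
    valid = {
        a for a in request.approvers
        if a != request.author and "production" in assignments.get(a, ())
    }
    if len(valid) < required_approvals:
        reasons.append(f"{len(valid)} valid approval(s), {required_approvals} required")
    return reasons


if __name__ == "__main__":
    # Periodic review of the role table: who holds conflicting duties?
    for person, a, b in conflicting_assignments(ASSIGNMENTS):
        print(f"SoD violation: {person} holds both {a} and {b}")

    # Gate on each change: the developer (alice) needs a production approver (bob).
    for req in (
        ChangeRequest("CR-1", author="alice", approvers=["bob"]),
        ChangeRequest("CR-2", author="alice", approvers=["alice"]),
        ChangeRequest("CR-3", author="carol", approvers=["carol"]),
    ):
        problems = approval_check(req, ASSIGNMENTS)
        print(req.request_id, "OK" if not problems else "; ".join(problems))
```

Running the role review on the constructed table reports carol (development and production) and dave (security and audit); the approval gate accepts CR-1, and rejects CR-2 and CR-3 because the author approved their own work. Note that CR-3 is the case the slide warns about: carol's dual role means she could both write and approve a production change, which is why the role review and the approval gate are needed together rather than either one alone.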

Slide 14: Summary
- Make sure you hire only "good guys": competent, honest, and dependable people
- Make sure employees know their responsibilities
- Practices to encourage being good guys
- Know how to handle it if good guys are discovered to have turned bad
