IV. Personnel Security
Most security problems, whether accidental or malicious,
begin with people; of these people, by far, most of them come from within the
organization. The foundation for dealing with people problems is to try to
eliminate the potential for problems before they happen. Accomplish this by
anticipating where personnel might cross paths with secure data and by
contemplating the consequences. Formalize the results of this analysis in the
personnel section of the security policy and procedures manual and communicate
the results to those people involved. Each of the items listed below, from
hiring to termination, becomes a significant part of a secure system.
A.
Hiring Practices
Always perform background investigations of
employees before hiring them. One should perform some form of a background
investigation.
B.
Training
C.
Access Rights And Privileges
D.
Rules For Granting And Revoking Privileges
E.
Separation of Privileges and Roles
F.
Adverse Actions
G.
Termination Practices
This segment of the module might be expanded upon in
a personnel management course.