IV. Personnel Security
Most security problems, whether accidental or malicious, begin with people; of these people, by far, most of them come from within the organization. The foundation for dealing with people problems is to try to eliminate the potential for problems before they happen. Accomplish this by anticipating where personnel might cross paths with secure data and by contemplating the consequences. Formalize the results of this analysis in the personnel section of the security policy and procedures manual and communicate the results to those people involved. Each of the items listed below, from hiring to termination, becomes a significant part of a secure system.
A. Hiring Practices
Always perform background investigations of employees before hiring them. One should perform some form a background investigation.
C. Access Rights And Privileges
D. Rules For Granting And Revoking Privileges
E. Separation of Privileges and Roles
F. Adverse Actions
G. Termination Practices
This segment of the module might be expanded upon in a personnel management course.