IV. Personnel Security

Most security problems, whether accidental or malicious, begin with people; of these people, by far, most of them come from within the organization. The foundation for dealing with people problems is to try to eliminate the potential for problems before they happen. Accomplish this by anticipating where personnel might cross paths with secure data and by contemplating the consequences. Formalize the results of this analysis in the personnel section of the security policy and procedures manual and communicate the results to those people involved. Each of the items listed below, from hiring to termination, becomes a significant part of a secure system.

A. Hiring Practices

Always perform background investigations of employees before hiring them. One should perform some form a background investigation.

B. Training

C. Access Rights And Privileges

D. Rules For Granting And Revoking Privileges

E. Separation of Privileges and Roles

F. Adverse Actions

G. Termination Practices

This segment of the module might be expanded upon in a personnel management course.

NIATEC National Science Foundation Information Assurance Directorate Department of Homeland Security CISSE Scholarship For Service