
Employee Security Controls


bien

Presentation Transcript


  1. Employee Security Controls CS5493(7493)

  2. Contracts • Employment contract • Accompanying job responsibility description • Non-Disclosure Agreement • Acceptable Usage Policy • Service Level Agreements

  3. Employee Controls • Things to consider when hiring: • Credit check • Background check • Drug testing • Lie detector test

  4. Employee Controls • All of the aforementioned controls are intrusive. • The employee or candidate must be properly informed and must agree. • Give them an opportunity to make any disclosures.

  5. Employee Controls • Credit check – relatively inexpensive compared to the other listed alternatives.

  6. Employee Controls • Background check • Resume verification • Job history verification • Criminal history check • References

  7. Employee Controls • When conducting a job history check, one can contact former employers. • Former employers are allowed to disclose information that is not protected by law and is accurate and truthful.

  8. Employee Controls • Drug testing • Lie detector test • Expensive to administer; not required for all employees.

  9. Employee Controls • Separation of Duties

  10. Employee Controls • Separation of Duties • Need-to-Know

  11. Employee Controls • Separation of Duties • Need-to-Know • Job Rotation

  12. Employee Controls • Separation of Duties • Need-to-Know • Job Rotation • Vacations

  13. Employee Controls • Separation of Duties • Need-to-Know • Job Rotation • Vacations • Audits/Reviews

  14. Separation of Duties • This prevents someone from overseeing their own work: reduces errors and fraud.

  15. Separation of Duties • The people writing checks to vendors cannot be the same people who make the orders and establish vendor contracts.

  16. Need-to-Know • Employees will be given access to the information required for them to perform their duties.

  17. Need-to-Know • Reduces the possibility of improper disclosure of information.

  18. Job Rotation • Separation of duties and need-to-know can be defeated by collusion. Job Rotation is a strategy to prevent collusion.

  19. Job Rotation • Makes it possible to track which users were authorized to do what and when. • Provides redundancy in job positions. • Enhances human capital.

  20. Vacations • Vacations are important for determining if your operation can function properly while someone is away. • A dishonest employee may be hiding something and fearful of ever leaving their post.

  21. Audits/Reviews • Employees should be reviewed. • Usually annually.

  22. Audits/Reviews • Employees should be reviewed. • If an employee is not following security controls, find out why.

  23. Audits/Reviews • Employees should be reviewed. • If an employee is not following security controls, find out why. • Could be out of ignorance

  24. Audits/Reviews • Employees should be reviewed. • If an employee is not following security controls, find out why. • Could be out of ignorance • Could be deliberate deception

  25. Disclosure • Employees need to know why Employee-Controls are necessary.

  26. Disclosure • Employees need to know why Employee-Controls are necessary. • For example, explain the necessity of need-to-know

  27. Disclosure • Employees need to know why Employee-Controls are necessary. • Explain the necessity of need-to-know • Employees can be disgruntled if they don’t know why they are uninformed about some issues

  28. Exit Interviews • Create a record of why an employee leaves.

  29. Exit Interviews • Make a checklist of actions • Collect physical access items: keys, keycards, etc. • Close accounts • Notify vendors, contractors, business partners, helpdesk, etc. (create a list of contacts).
