Employee Security Controls CS5493(7493)
Contracts • Employment contract • Accompanying job responsibility description • Non-Disclosure Agreement • Acceptable Usage Policy • Service Level Agreements
Employee Controls • Things to consider when hiring: • Credit check • Background check • Drug testing • Lie detector test
Employee Controls • All of the aforementioned controls are intrusive. • The employee or candidate must be properly informed and must agree. • Give them an opportunity to make any disclosures.
Employee Controls • Credit check – relatively inexpensive compared to the other listed alternatives.
Employee Controls • Background check • Resume verification • Job history verification • Criminal history check • References
Employee Controls • When conducting a job history check, one can contact former employers. • Former employers are allowed to disclose information that is not protected by law and is accurate and truthful.
Employee Controls • Drug testing • Lie detector test • Expensive to administer, not required for all employees.
Employee Controls • Separation of Duties • Need-to-Know • Job Rotation • Vacations • Audits/Reviews
Separation of Duties • This prevents someone from overseeing their own work: reduces errors and fraud.
Separation of Duties • The people writing checks to vendors cannot be the same people who make the orders and establish vendor contracts.
Need-to-Know • Employees will be given access to the information required for them to perform their duties.
Need-to-Know • Reduces the possibility of improper disclosure of information.
Job Rotation • Separation of duties and need-to-know can be defeated by collusion. Job Rotation is a strategy to prevent collusion.
Job Rotation • Makes it possible to track which users were authorized to do what and when. • Provides redundancy in job positions. • Enhances human capital.
Vacations • Vacations are important for determining if your operation can function properly while someone is away. • A dishonest employee may be hiding something and fearful of ever leaving their post.
Audits/Reviews • Employees should be reviewed. • Usually annually.
Audits/Reviews • Employees should be reviewed. • If an employee is not following security controls, find out why. • Could be out of ignorance • Could be deliberate deception
Disclosure • Employees need to know why Employee-Controls are necessary. • Explain the necessity of need-to-know • Employees can be disgruntled if they don’t know why they are uninformed about some issues
Exit Interviews • Create a record of why an employee leaves.
Exit Interviews • Make a checklist of actions • Collect physical access items: keys, keycards, etc. • Close accounts • Notify vendors, contractors, business partners, helpdesk, etc. (create a list of contacts).