Employee Security Controls
CS5493(7493)
Contracts
• Employment contract
  – Accompanying job responsibility description
• Non-Disclosure Agreement
• Acceptable Usage Policy
• Service Level Agreements
Employee Controls
• Things to consider when hiring:
  – Credit check
  – Background check
  – Drug testing
  – Lie detector test
Employee Controls
• All of the aforementioned controls are intrusive.
• The employee or candidate must be properly informed and must agree.
• Give them an opportunity to make any disclosures.
Employee controls
• Credit check – relatively inexpensive compared to the other listed alternatives.
Employee controls
• Background check
  – Resume verification
  – Job history verification
  – Criminal history check
  – References
Employee Controls
• When conducting a job history check, one can contact former employers.
• Former employers are allowed to disclose information that is not protected by law and is accurate and truthful.
Employee Controls
• Drug testing
• Lie detector test
Expensive to administer, not required for all employees.
Employee Controls
• Separation of Duties
• Need-to-Know
• Job Rotation
• Vacations
• Audits/Reviews
Separation of Duties
• This prevents someone from overseeing their own work: reduces errors and fraud.
Separation of Duties
• The people writing checks to vendors cannot be the same people who make the orders and establish vendor contracts.
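The vendor-payment rule above can be checked mechanically against an activity log. The following is an added example, not part of the original slides; the duty names, users and events are constructed for illustration.

```python
from collections import defaultdict

# Hypothetical duty labels modelled on the slide: writing checks must be
# separate from placing orders and from establishing vendor contracts.
PAYING = "write_check"
PROCURING = {"place_order", "establish_contract"}

# Constructed sample events (not real data): (user, duty, vendor)
EVENTS = [
    ("alice", "establish_contract", "acme"),
    ("bob",   "place_order",        "acme"),
    ("carol", "write_check",        "acme"),     # three people: compliant
    ("dave",  "place_order",        "globex"),
    ("dave",  "write_check",        "globex"),   # same person orders and pays
    ("erin",  "establish_contract", "initech"),
    ("erin",  "write_check",        "acme"),     # both duties, different vendors
]

def sod_violations(events, per_vendor=True):
    """Return sorted (user, scope, procuring_duties) tuples for every person
    who both paid and procured.

    per_vendor=True  flags only overlap on the same vendor (transaction level).
    per_vendor=False flags anyone who performed both kinds of duty at all
                     (role level, the stricter reading of the slide).
    """
    performed = defaultdict(set)
    for user, duty, vendor in events:
        scope = vendor if per_vendor else "*"
        performed[(user, scope)].add(duty)

    findings = []
    for (user, scope), duties in performed.items():
        overlap = duties & PROCURING
        if PAYING in duties and overlap:
            findings.append((user, scope, tuple(sorted(overlap))))
    return sorted(findings)

if __name__ == "__main__":
    for finding in sod_violations(EVENTS):
        print("transaction-level conflict:", finding)
    for finding in sod_violations(EVENTS, per_vendor=False):
        print("role-level conflict:", finding)
```

The role-level mode also catches erin, who never paid a vendor she contracted with but still holds both capabilities.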
Need-to-Know
• Employees will be given access to the information required for them to perform their duties.
Need-to-Know
• Reduces the possibility of improper disclosure of information.
Job Rotation
• Separation of duties and need-to-know can be defeated by collusion. Job Rotation is a strategy to prevent collusion.
Job Rotation
• Makes it possible to track which users were authorized to do what and when.
• Provides redundancy in job positions.
• Enhances human capital.
Vacations
• Vacations are important for determining if your operation can function properly while someone is away.
• A dishonest employee may be hiding something and fearful of ever leaving their post.
Audits/Reviews
• Employees should be reviewed.
  – Usually annually.
• If an employee is not following security controls, find out why.
  – Could be out of ignorance
  – Could be deliberate deception
Disclosure
• Employees need to know why Employee-Controls are necessary.
  – For example, explain the necessity of need-to-know
  – Employees can be disgruntled if they don’t know why they are uninformed about some issues
Exit Interviews
• Create a record of why an employee leaves.
• Make a checklist of actions
  – Collect physical access items: keys, keycards, etc.
  – Close accounts
  – Notify vendors, contractors, business partners, helpdesk, etc. (create a list of contacts).