Employee Security Controls
This presentation is the property of its rightful owner.
Sponsored Links
1 / 29

Employee Security Controls PowerPoint PPT Presentation


  • 85 Views
  • Uploaded on
  • Presentation posted in: General

Employee Security Controls. CS5493(7493). Contracts. Employment contract Accompanying job responsibility description Non-Disclosure Agreement Acceptable Usage Policy Service Level Agreements. Employee Controls. Things to consider when hiring: Credit check Background check Drug testing

Download Presentation

Employee Security Controls

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Employee security controls

Employee Security Controls

CS5493(7493)


Employee security controls

Contracts

  • Employment contract

    • Accompanying job responsibility description

  • Non-Disclosure Agreement

  • Acceptable Usage Policy

  • Service Level Agreements


Employee controls

Employee Controls

  • Things to consider when hiring:

    • Credit check

    • Background check

    • Drug testing

    • Lie detector test


Employee controls1

Employee Controls

  • All of the aforementioned controls are intrusive.

  • The employee or candidate must be properly informed and must agree.

  • Give them an opportunity to make any disclosures.


Employee controls2

Employee controls

  • Credit check – relatively inexpensive compared to the other listed alternatives.


Employee controls3

Employee controls

  • Background check

    • Resume verification

    • Job history verification

    • Criminal history check

    • References


Employee controls4

Employee Controls

  • When conducting a job history check, one can contact former employers

  • Former employers are allowed to disclose information that is not protected by law, is accurate, and truthful.


Employe controls

Employe Controls

  • Drug testing

  • Lie detector test

    Expensive to administer, not required for all employees.


Employee security controls

Employee Controls

  • Separation of Duties


Employee security controls

Employee Controls

  • Separation of Duties

  • Need-to-Know


Employee security controls

Employee Controls

  • Separation of Duties

  • Need-to-Know

  • Job Rotation


Employee security controls

Employee Controls

  • Separation of Duties

  • Need-to-Know

  • Job Rotation

  • Vacations


Employee security controls

Employee Controls

  • Separation of Duties

  • Need-to-Know

  • Job Rotation

  • Vacations

  • Audits/Reviews


Employee security controls

Separation of Duties

  • This prevents someone from overseeing their own work: reduces errors and fraud.


Separation of duties

Separation of Duties

  • The people writing checks to vendors cannot be the same people who make the orders and establish vendor contracts.


Employee security controls

Need-to-Know

  • Employees will be given access to the information required for them to perform their duties.


Employee security controls

Need-to-Know

  • Reduces the possibility of improper disclosure of information.


Employee security controls

Job Rotation

  • Separation of duties and need-to-know can be defeated by collusion. Job Rotation is a strategy to prevent collusion.


Job rotation

Job Rotation

  • Makes it possible to track which users were authorized to do what and when.

  • Provides redundancy in job positions.

  • Enhances human capitol.


Employee security controls

Vacations

  • Vacations are important for determining if your operation can function properly while someone is away.

  • A dishonest employee may be hiding something and fearful of ever leaving their post.


Employee security controls

Audits/Reviews

  • Employees should be reviewed.

    • Usually annually.


Employee security controls

Audits/Reviews

  • Employees should be reviewed.

  • If an employee is not following security controls, find out why.


Employee security controls

Audits/Reviews

  • Employees should be reviewed.

  • If an employee is not following security controls, find out why.

    • Could be out of ignorance


Employee security controls

Audits/Reviews

  • Employees should be reviewed.

  • If an employee is not following security controls, find out why.

    • Could be out of ignorance

    • Could be deliberate deception


Employee security controls

Disclosure

  • Employees need to know why Employee-Controls are necessary.


Employee security controls

Disclosure

  • Employees need to know why Employee-Controls are necessary.

    • For example, explain the necessity of need-to-know


Employee security controls

Disclosure

  • Employees need to know why Employee-Controls are necessary.

    • Explain the necessity of need-to-know

    • Employees can be disgruntled if they don’t know why they are uninformed about some issues


Exit interviews

Exit Interviews

  • Create a record of why an employee leaves.


Exit interviews1

Exit Interviews

  • Make a checklist of actions

    • Collect physical access items: keys, keycards, etc.

    • Close accounts

    • Notify vendors, contractors, business partners, helpdesk, etc (create a list of contacts).


  • Login