information systems - controls over people
Intro.
Personnel Security
This covers aspects of job definitions and resourcing, to reduce the risk of human error and ensure that staff understand what their rights and responsibilities are concerning information security.
Most organisations require staff to keep client information confidential. They also ask staff to report security incidents and perceived weaknesses.
Appropriate personnel security ensures:
That employment contracts and staff handbooks have agreed, clear wording
Ancillary workers, temporary staff, contractors and third parties are covered
Anyone else with legitimate access to business information or systems is covered
It must deal with rights as well as responsibilities, for example:
Access to personnel files under the Data Protection Act
Proper use of equipment as covered by the Computer Misuse Act
Staff training is an important feature of personnel security to ensure the Information Security Management System (ISMS) continues to be effective.
Periodically, refreshers on less frequently used parts of the Information Security Management System (ISMS), such as its role in disaster recovery plans, can make a major difference when there is a need to put the theory into practice.
tutor2u is the leading global publisher of e-learning resources for Economics, Business, Politics, Enterprise, Law, Sociology, Religious Studies and related subjects. Our materials are used by over 3,500 schools and colleges in the UK and in educational institutions in over 85 other countries. tutor2u offers a range of free and subscription-based materials - designed to support teachers and inspire students. The business also runs a popular series of student revision workshops and teacher conferences. tutor2u was named Online Learning Resource of the Year at the prestigious BETT Show - the World's leading educational show.
|
Privacy & terms of Use |
Contact us |
Teacher Newsletters & Subject Blogs |
