information systems - controls over people
Intro.
Personnel Security
This covers aspects of job definitions and resourcing, to reduce the risk of human error and ensure that staff understand what their rights and responsibilities are concerning information security.
Most organisations require staff to keep client information confidential. They also ask staff to report security incidents and perceived weaknesses.
Appropriate personnel security ensures:
That employment contracts and staff handbooks have agreed, clear wording
Ancillary workers, temporary staff, contractors and third parties are covered
Anyone else with legitimate access to business information or systems is covered
Personnel security must deal with rights as well as responsibilities, for example:
Access to personnel files under the Data Protection Act
Proper use of equipment as covered by the Computer Misuse Act
Staff training is an important feature of personnel security, helping to ensure that the Information Security Management System (ISMS) continues to be effective.
Periodic refreshers on less frequently used parts of the ISMS, such as its role in disaster recovery plans, can make a major difference when there is a need to put the theory into practice.


