PERSONNEL SECURITY PRACTICAL ADVICE FOR HR AND SECURITY MANAGERS

A DELICATE BALANCE

Every year brings stories of organisations falling victim to the embarrassing, costly or disruptive consequences of staff misusing their access and privileges. But with the appropriate personnel security measures in place, organisations can significantly reduce their exposure to intentional and unintentional insider acts.

The Human Resource team has a pivotal role to play, balancing security risks against the need to ensure employees remain able to perform their duties and buy in to any new measures. It is essential that HR executives recognise the vulnerabilities and are in a position to offer advice and best practice to colleagues, amidst potentially difficult and sensitive circumstances.

CPNI's range of advice and guidance can help HR and security teams to:

- Identify security measures in proportion to the risk.
- Reduce the risk of employing personnel likely to present a security concern.
- Establish that applicants and contractors are who they claim to be.
- Close down opportunities for abuse of the organisation's assets.

About CPNI

The Centre for the Protection of National Infrastructure (CPNI) is the government authority that provides advice on protecting the country's essential services, facilities and networks from terrorism and other threats. Though its focus is on securing the national infrastructure (energy, transport, health, telecommunications etc.), many businesses and organisations can benefit from its general advice for protecting staff, property and IT systems, much of which is available from www.cpni.gov.uk

Practical security advice for personnel managers

Staff who may look to exploit their legitimate access for unauthorised purposes can take a variety of forms: disaffected individuals, activist groups, journalists, competitors, those with links to organised crime or even those involved in terrorism.

In many organisations, personnel security is still regarded as a recruitment issue rather than something to address throughout a staff member's time in employment. But ongoing personnel security measures can not only reduce vulnerabilities, they can also encourage a hugely beneficial security-conscious culture amongst staff at every level of the organisation.

Identifying the right measures can be a significant challenge involving complex strategic decisions. There are legal and resource implications to consider, whilst implementing the wrong measures can prove costly and disruptive. And then there is the need to ensure changes are transparent and understood: at stake is the relationship and level of trust between an organisation and its staff.

CPNI advice can help personnel and security teams understand and prepare for the challenges involved. Building on the experiences of the organisations who contribute to our research, our products offer practical tips, checklists and advice to help managers adopt the right personnel measures for their own circumstances.

Personnel security: threats, challenges and measures

Introductory guidance for those with new security, recruitment or line management responsibilities:

- What is personnel security
- Why it is important
- What is involved

Ongoing personnel security

Advice and best practice to reduce the risk of insider activity:

- Engaging with staff
- Managing contractors and short-term staff
- Conducting investigations

Document verification guidance

How to distinguish genuine employee verification documents (passport, qualifications) from forgeries.

Pre-employment screening guidance

A one-stop guide to best practice for screening applications, including:

- Authenticating identity
- Verifying the right to work in the UK
- Confirming employment history and qualifications
- Checking criminal records

These documents are available to download at www.cpni.gov.uk

Risk assessment for personnel security

Using a fictional case study, this guidance document helps security and human resource managers to:

- Conduct personnel security risk assessments
- Identify insider threats
- Prioritise the risks
- Choose the appropriate counter-measures