Week 10
Kent Institute Australia Pty. Ltd.
ABN 49 003 577 302 CRICOS Code: 00161E
RTO Code: 90458 TEQSA Provider Number: PRV12051
Version 2 – 18th December 2015
Chapter 11
Security and Personnel
Learning Objectives (1 of 2)
• Upon completion of this material, you should be able to:
- Describe where and how the information security function should be
positioned within organisations
- Explain the issues and concerns related to staffing the information security
function
- List and describe the credentials that information security professionals can
earn to gain recognition in the field
Learning Objectives (2 of 2)
- Discuss how an organisation’s employment policies and practices can support the
information security effort
- Explain the need for the separation of duties
- Describe the special requirements needed to ensure the privacy of personnel data
Introduction
• When implementing information security, there are many human
resource issues that must be addressed.
- Positioning and naming the security function
- Staffing for, or adjustments to, the staffing plan
- Assessing the impact of information security on every IT function
- Integrating solid information security concepts into personnel management
practices
Introduction (cont)
• Employees often feel threatened when an information security
program is being created or enhanced.
• Perception that the program is a manifestation of a “Big Brother”
attitude
- Will management be monitoring my work or my email?
- Will information security staff go through my hard drive looking for
evidence to fire me?
- Will these changes impact my job efficiency and effectiveness?
Positioning and Staffing the Security Function
• Information Security should balance duty to monitor compliance
with needs for education, training, awareness, and customer
service.