
HRIS PRIVACY AND SECURITY
Topics to Be Covered
• Information Security
• Components of Information Security
• Threats to Information Security
• Role of HR in Information Security
• Information Security Management for HRIS

FOLLOW DISCUSSIONS ON THESE TOPICS IN YOUR TEXTBOOK.
Information Security

Information security, sometimes shortened to "infosec", is the practice
of protecting information by mitigating information risks.
It typically involves preventing or at least
reducing the probability of
unauthorized/inappropriate access, use,
disclosure, disruption, deletion/destruction,
corruption, modification, inspection,
recording or devaluation of information.
Components of Information Security

The HRIS is composed of three components: hardware, software and communications.

The CIA triad of confidentiality, integrity, and availability is at the heart of information security.

Mechanisms of protection need to be established at the physical (products), personal (people) and organizational (procedures) levels.

Figure 16.1: Components of Information Security
Confidentiality is to protect information from accidental or malicious disclosure.
Integrity is to protect information from accidental or intentional (malicious) modification.
Availability is to make sure that information is available to those who need it, when they need it.
Threats to Information Security
Common Security Threats

• Human Error
• Damage by Disgruntled employees or ex-employees
• Misuse of Computer Systems
• Theft
• Computer Based Fraud
• Viruses, Worms or Trojans
• Hackers
• Natural Disasters
Role of HR in Information Security

Information security issues are no longer solely the domain of the IT department and IT managers.

To have effective information security in place, HR managers need to align information security with HR objectives.

Having the active involvement of senior management is crucial in establishing that alignment.

With organizations enabling the more strategically active role of HRM through a combination of selection, training and pay practices, they could more effectively handle people issues in information security management (ISM).
Researchers suggested the following best practices for handling information in HRIS:
• Adopt a comprehensive information security and privacy policy.
• Store sensitive personal data in secure HRIS and provide appropriate encryption.
• Build document destruction capabilities into the office structure and dispose of documents properly.
• Train users on how to securely use and handle the equipment, data, and software.
• Train employees to "log off" personal computers after they are through using them.
• Do not allow passwords to be shared. Change passwords frequently.
• Run software through a virus detection program before using it on the system.
• Make backup copies of data files and programs.
• Ensure that backup copies, data files, software, and printouts are used only by authorized users.
• Conduct privacy "walk-throughs", and make spot checks on proper information handling.
• Ensure that all software and mainframe applications include a record of the changes and transactions that occur in the system, including when and who performed the changes.
• Select staff carefully with due regard to their honesty and integrity.
• Take measures to address the personal problems of employees, such as gambling or drug addiction, which might lead them to indulge in information system abuse for financial gain.
• Provide access to effective grievance procedures, since the motivation for much information system abuse is retaliation against management.
Information Security Management for HRIS
Information Security Programs for HRIS

To mitigate risk, it is recommended that the following control strategies be used in designing an HRIS.

• Administrative Control
• Logical Control
• Physical Control
• Security Classification for Information
• Access Control
• Cryptography
• Defense in Depth
Thanks!
