CHAPTER 5

PERSONNEL
G R O U P 2

SECURITY
LEARNING
OBJECTIVES:
At the end of this chapter, the student will be able
to:

• Explain personnel security

• Enumerate the checks included in pre-
employment screening
• Enumerate pre-employment screening
measures
• Enumerate the purpose and explain the
importance of ongoing personnel security .
• Enumerate ongoing personnel security
measures Explain exit procedures
 PERSONNEL
Personnel security is a comprehensive approach to protecting an organization's

workforce. It encompasses measures to ensure the trustworthiness and reliability

of individuals within the organization. This involves thorough background

SECURITY
checks, security screenings, and ongoing monitoring to mitigate risks. By

controlling access to sensitive information and maintaining a secure

environment, personnel security aims to prevent unauthorized actions and protect

both the organization and its employees from potential threats, contributing to a

safe and trustworthy working environment.

PERSONNEL
-Among the major threats confronting an organization are employee crime

and employee misconduct. In fact, internal theft surpasses the losses that can

be attributed to robberies, theft, frauds and other criminal acts committed by

SECURITY
outsiders.

-It is the employer's duty to maintain a safe and secure working environment.

Employers conduct pre-employment background checks of job applicants in

order to protect existing workers, guests, and the public from the harmful acts

of employees.
 PERSONNEL
- An employee with legitimate access to corporate systems also
has the potential to wreck the organization's reputation by
simply using a USB memory stick or a webmail account to steal

SECURITY
confidential information. Personnel security measures can
prevent such kinds of employees from exploiting their
legitimate access to company assets for unauthorized purposes.
 PERSONNEL
- Employees who may exploit their legitimate access for unauthorized purposes

may include rebellious individuals, members of activist groups, journalists,

competitors, those with links to organized crime or even those involved in

SECURITY
terrorism. Through effective personnel security measures, the organization will be

better able to employ reliable people, minimize the chances of staff becoming

unreliable, and detect suspicious behavior and resolve security concerns once they

emerge.
PURPOSE OF
PERSONNEL SECURITY:
• TO IDENTIFY SECURITY MEASURES IN PROPORTION TO
THE RISK

• TO REDUCE THE RISK OF EMPLOYING PERSONNEL LIKELY

TO PRESENT A SECURITY CONCERN

• TO ESTABLISH THAT APPLICANTS AND CONTRACTORS

ARE WHO THEY CLAIM TO BE

• TO CLOSE DOWN OPPORTUNITIES FOR ABUSE OF THE

ORGANIZATION'S ASSETS
PRE-EMPLOYMENT
SCREENINGscreening is
Pre-employment vital for
companies to detect dishonest applicants before
hiring. It verifies credentials, detects lies on
resumes, and ensures candidates are suitable for
high-security roles. This practice, common in
financial services, is now adopted by other
industries due to a rise in deceptive job
applications. Its objective is to identify security
concerns and ensure the integrity of prospective
employees.
APPLICATIO
N FORM
Using a standardized application form to be
completed by job applicants requires them to
provide all relevant information and confirm its
correctness with a signature.
INTERVIEW
The job interview portion of the application also helps in the ffer screening process
because it provides an opportunity to discuss the candidate's suitability for
employment. This interview is important because:

• A face to face discussion encourages applicants to be honest.

• It allows the employer to clarify information in the application form, ask for
other information not covered in the application form, and probe candidates
about their responses.
• It also provides a good opportunity to add to the overall assessment of the
applicant's reliability and integrity.
IDENTITY
Verifying the applicant's identity is a critical measure
VERIFICATION
in the evant screening process. In fact, other
measures in the screening process lines should only
come second after the applicant's identity has been
satisfactorily proven. The key is to verify that the
individual is not committing fraud by using false
identities.
There are four main reasons
why individuals use false
identities:
1 To avoid 2 For dishonest
detection financial gain

3
To avoid 4 To legally obtain
financial genuine
liability documents
The purpose of verifying identity is to
ascertain the correctness of the
information they have given about
themselves by:
1 Determining 2
Establishing
that the that the
identity is individual
genuine and owns and is
relates to a rightfully using
real person. that identity.
Two methods of verifying identify
Paper-based approach, involves requesting original documents such as those that
corroborate the applicant’s full name, signature, date of birth and Full permanent
address. Ideally, such documents should possess the following characteristics:
•Issued by a trustworthy and reliable source
•Difficult to forge
•Dated and current
•Contains the owner’s name, photograph and signature.
•Requires evidence of identity before being issued
 Electronic approach involves checking the applicant’s personal details against
external databases. This method requires checking and cross-referencing
information. From databases such as criminal records or credit reference
agencies. By searching for records associated with the name, date of birth and
address provided, it is possible to build a picture of that individual’s and current
life. Tracking such history indicates that the identity likely to be genuine. On the
other hand, if searches result in a history that lacks detail or depth, it is possible
that the identity is false.
When such database checks are able to confirm that the identity does exist, it
would also be necessary to test whether the individual truly owns this identity by
asking questions that could corroborate information about the identity. Testing
the individual’s knowledge of the identity is as important as establishing that the
identity exists to prevent the hiring of an applicant who simply stole the identity
of someone who is actually qualified to perform an important position in the
organization.
 Qualification and Employment
A Checks
Q U A L I F I C AT I O N CHECK INVOLVES
T H E V E R I F I C AT I O N O F I N F O R M AT I O N
REGARDING E D U C AT I O N A L OR
PROFESSIONAL Q U A L I F I C AT I O N S ,
WHILE AN EMPLOYMENT CHECK
I N V O LV E T H E V E R I F I C AT I O N O F T H E
APPLICANT'S EMPLOYMENT HISTORY IN
T E R M S O F D AT E S O F E M P L O Y M E N T A N D
POSITION.
The qualification check should confirm the following
information:

• The establishment attended

• Course dates
• Title of the course
• Grades/marks awarded

The employment check should verify the following information:

• Dates of employmen
• Positions held Duties
• Salary
• Reason for leaving
• Any employment gaps
media searches
Media searches are valuable tools for
evaluating individuals based on their
online reputation, especially for positions
involving sensitive material or close
interaction with public figures. They help
verify identity, confirm suspicions, and
assess security awareness. However, there
are risks, such as mistaking individuals
with the same name, staged positive
information, and unreliable third-party
opinions.
ONGOING
PERSONNEL
Personnel security is a system of policies and
SECURITY
procedures that managesDURING
the risk of staff or
contractors exploiting legitimate access to
EMPLOYMENT
importantation's assets or premises for
unauthorized purposes. It is important to
distinguish between this and personal security,
which seeks to reduce the risks to the safety or
well-being of individual employees.
 Purpose of Ongoing Personnel
Security
• To minimize the likelihood
of employees becoming a
• To implement security
measures in a way that is
• To reduce the risk of insider activity,
protect the organization's assets and,
security concern. proportionate to the risk. where necessary, carry out
investigations to resolve suspicions or
provide evidence for disciplinary
procedures.
importance of
personnel
ongoing
security
ONGOING PERSONNEL SECURITY IS CRUCIAL TO COUNTER INSIDER THREATS,
WHICH EXPLOIT EMPLOYEES' LEGITIMATE ACCESS FOR UNAUTHORIZED
PURPOSES. POTENTIAL RISKS INCLUDE ACTS BY TERRORISTS, INTELLIGENCE
AGENTS, DISGRUNTLED EMPLOYEES, OR INDIVIDUALS SEEKING TO DAMAGE
AN ORGANIZATION'S REPUTATION. INSIDER ACTIVITIES RANGE FROM FRAUD
AND THEFT TO UNAUTHORIZED INFORMATION DISCLOSURE. MOTIVATIONS MAY
STEM FROM VARIOUS FACTORS SUCH AS IDEOLOGY, REVENGE, OR FINANCIAL
GAIN. IT'S CHALLENGING TO PREDICT AN INSIDER'S SHIFT IN INTENTIONS,
MAKING CONTINUOUS PERSONNEL SECURITY ESSENTIAL TO ADDRESS THE
HUMAN FACTOR, OFTEN THE WEAKEST LINK IN AN ORGANIZATION'S SECURITY
CHAIN.
Security training and
awareness programs
provide an opportunity for
old and new employees to
gain necessary skills to
perform their
responsibilities within the
organization's security
To these objectives, trainers and security personnel should consider the following
points (CPNI, 2010).
• Encourage staff to see those in security as friendly and approachable.

• Demonstrate unconditional support for the security policy (particularly from

management)

• Explain the organization's security policies openly,

• Give employees a realistic picture of the threats to the organization.

• Encourage cultures which resolve and correct rather than focus on establishing
blame.
• Avoid exaggerating the risks and threats faced by the organization to gain more
credibility.
• Avoid making false claims about security to frighten employees into
compliance.
• Provide regular refresher trainings to incorporate new security procedure's
Addressing Behaviors of Concern
• Managers play a key role in addressing
negative behavior and ensuring that security
measures are followed. Managers
sometimes fail to act on poor performance
and this could worsen the problem because
other employees might become dissatisfied
for compensating on their co-
Controlling Employee Access
• Organizations usually use access controls as
physical security measures against outsiders.
Similar considerations should be used to
prevent or minimize the risk of individuals
with legitimate access engaging in insider
activities.
Screening for the
Insider Threat
Insider attacks can cause to an organization.
Big organizations light tarde significant
damage of insider het von but they should
nevertheless be prepared by establishing an
effective screening regime. There is no clear
pattern that can help detect insider threat
because the personality, motivation and
behavior of insiders can be extremely varied.
exit
PROCEDURE
IMPLEMENTING
PROCEDURES IS
THOROUGH
CRUCIAL TO
EXIT
M I T I G AT E
POTENTIAL RISKS A S S O C I AT E D WITH

S
D E PA R T I N G E M P LO Y E E S W H O M AY P O S S E S S
SENSITIVE I N F O R M AT I O N . S TA N D A R D
MEASURES LIKE CHANGING SECURE
C A B I N E T C O M B I N AT I O N S , T E R M I N AT I N G I T
ACCOUNTS, AND U P D AT I N G PASSWORDS
HELP SAFEGUARD THE O R G A N I Z AT I O N ' S
ASSETS AND O P E R AT I O N S WITHOUT
CAUSING UNDUE DISRUPTION TO THE
E M P L O Y E E R E L A T I O N S H I P.
After assessing the risks, the following are the manager's options
depending on the employee's contract:

• Allow the employee to carry on working during their contractual

notice period and retain their usual access to the organization's assets.
• Allow the employee to work their contractual notice period but with
reduced access to assets (for example, using additional supervision or
by allocating lower-level IT access).
• Ask the employee to leave immediately - possibly under supervision
to prevent any unauthorized act while still on the premises - and not
to return for the duration of their notice period.
Exit procedures should also include the return of all assets access tools
and identifiers that belong to the organization. These may include:

• Uniforms
• Security passes and/or identification cards
• Mobile phones
• Company credit cards
• Any unused personal business cards
• Keys to secure/storage areas
• Tokens for access to electronic systems
• Any books, papers or commercially sensitive documentation
• Laptops and other remote working equipment such as flash drives
• Security containers such as security briefcases
The following additional steps should also be considered to reduce the
employee's access to assets:

• Selectively or completely blocking the employee's user IDs to prevent

systems access
• Changing passwords to common systems
• Making sure that measures are in place to prote the organization's
electronic systems from malware of hacking
• Selectively or completely blocking the employee's security pass to
prevent physical access
• Changing door codes to common areas
• Changing combinations to storage areas, where the the assets merits it
• Cancelling the employees signature authority, credit card and expense
accounts and ensuring that all relevant parties are notified
THE exit
By and large, the exit interview is done with employees
interview
about leave the company in order to help identify problems
contributing to employee turnover.

As a security measure, the exit interview is an opportunity to:

• Remind the employee of his obligations and organizational codes of conduct concerning access to assets
like intellectual property.
• Obtain all passwords or encryption keys for files the employee has been working on so that they can be
changed accordingly.
• Recover as many of the organizational assets, access tools and identifiers as is reasonable at the time.
• Ask the employee if they have any comments/ observations about the strength (or weakness) of the
security culture, measures and procedures in place within the organization.
Thank's For your
attention
embers:
aeron de vera (reporter)
angel sarile (reporter)
joshua bernardino (reporter)
markbien agarin (reporter)
rengelyn senoja (reporter)

presentation creators: handouts creators: members;

jasmine q. gutierrez willy bihasa angel sarile (reporter)
(reporter) (reporter) joshua bernardino (reporter)
aldrin hope g. sion christian odon markbien agarin (reporter)
(reporter) (reporter) rengelyn senoja (reporter)