Professional Documents
Culture Documents
GROUP Presentation
GROUP Presentation
GROUP Presentation
PERSONNEL
G R O U P 2
SECURITY
LEARNING
OBJECTIVES:
At the end of this chapter, the student will be able
to:
SECURITY
checks, security screenings, and ongoing monitoring to mitigate risks. By
both the organization and its employees from potential threats, contributing to a
and employee misconduct. In fact, internal theft surpasses the losses that can
SECURITY
outsiders.
-It is the employer's duty to maintain a safe and secure working environment.
order to protect existing workers, guests, and the public from the harmful acts
of employees.
PERSONNEL
- An employee with legitimate access to corporate systems also
has the potential to wreck the organization's reputation by
simply using a USB memory stick or a webmail account to steal
SECURITY
confidential information. Personnel security measures can
prevent such kinds of employees from exploiting their
legitimate access to company assets for unauthorized purposes.
PERSONNEL
- Employees who may exploit their legitimate access for unauthorized purposes
SECURITY
terrorism. Through effective personnel security measures, the organization will be
better able to employ reliable people, minimize the chances of staff becoming
unreliable, and detect suspicious behavior and resolve security concerns once they
emerge.
PURPOSE OF
PERSONNEL SECURITY:
• TO IDENTIFY SECURITY MEASURES IN PROPORTION TO
THE RISK
3
To avoid 4 To legally obtain
financial genuine
liability documents
The purpose of verifying identity is to
ascertain the correctness of the
information they have given about
themselves by:
1 Determining 2
Establishing
that the that the
identity is individual
genuine and owns and is
relates to a rightfully using
real person. that identity.
Two methods of verifying identify
Paper-based approach, involves requesting original documents such as those that
corroborate the applicant’s full name, signature, date of birth and Full permanent
address. Ideally, such documents should possess the following characteristics:
•Issued by a trustworthy and reliable source
•Difficult to forge
•Dated and current
•Contains the owner’s name, photograph and signature.
•Requires evidence of identity before being issued
Electronic approach involves checking the applicant’s personal details against
external databases. This method requires checking and cross-referencing
information. From databases such as criminal records or credit reference
agencies. By searching for records associated with the name, date of birth and
address provided, it is possible to build a picture of that individual’s and current
life. Tracking such history indicates that the identity likely to be genuine. On the
other hand, if searches result in a history that lacks detail or depth, it is possible
that the identity is false.
When such database checks are able to confirm that the identity does exist, it
would also be necessary to test whether the individual truly owns this identity by
asking questions that could corroborate information about the identity. Testing
the individual’s knowledge of the identity is as important as establishing that the
identity exists to prevent the hiring of an applicant who simply stole the identity
of someone who is actually qualified to perform an important position in the
organization.
Qualification and Employment
A Checks
Q U A L I F I C AT I O N CHECK INVOLVES
T H E V E R I F I C AT I O N O F I N F O R M AT I O N
REGARDING E D U C AT I O N A L OR
PROFESSIONAL Q U A L I F I C AT I O N S ,
WHILE AN EMPLOYMENT CHECK
I N V O LV E T H E V E R I F I C AT I O N O F T H E
APPLICANT'S EMPLOYMENT HISTORY IN
T E R M S O F D AT E S O F E M P L O Y M E N T A N D
POSITION.
The qualification check should confirm the following
information:
• Dates of employmen
• Positions held Duties
• Salary
• Reason for leaving
• Any employment gaps
media searches
Media searches are valuable tools for
evaluating individuals based on their
online reputation, especially for positions
involving sensitive material or close
interaction with public figures. They help
verify identity, confirm suspicions, and
assess security awareness. However, there
are risks, such as mistaking individuals
with the same name, staged positive
information, and unreliable third-party
opinions.
ONGOING
PERSONNEL
Personnel security is a system of policies and
SECURITY
procedures that managesDURING
the risk of staff or
contractors exploiting legitimate access to
EMPLOYMENT
importantation's assets or premises for
unauthorized purposes. It is important to
distinguish between this and personal security,
which seeks to reduce the risks to the safety or
well-being of individual employees.
Purpose of Ongoing Personnel
Security
• To minimize the likelihood
of employees becoming a
• To implement security
measures in a way that is
• To reduce the risk of insider activity,
protect the organization's assets and,
security concern. proportionate to the risk. where necessary, carry out
investigations to resolve suspicions or
provide evidence for disciplinary
procedures.
importance of
personnel
ongoing
security
ONGOING PERSONNEL SECURITY IS CRUCIAL TO COUNTER INSIDER THREATS,
WHICH EXPLOIT EMPLOYEES' LEGITIMATE ACCESS FOR UNAUTHORIZED
PURPOSES. POTENTIAL RISKS INCLUDE ACTS BY TERRORISTS, INTELLIGENCE
AGENTS, DISGRUNTLED EMPLOYEES, OR INDIVIDUALS SEEKING TO DAMAGE
AN ORGANIZATION'S REPUTATION. INSIDER ACTIVITIES RANGE FROM FRAUD
AND THEFT TO UNAUTHORIZED INFORMATION DISCLOSURE. MOTIVATIONS MAY
STEM FROM VARIOUS FACTORS SUCH AS IDEOLOGY, REVENGE, OR FINANCIAL
GAIN. IT'S CHALLENGING TO PREDICT AN INSIDER'S SHIFT IN INTENTIONS,
MAKING CONTINUOUS PERSONNEL SECURITY ESSENTIAL TO ADDRESS THE
HUMAN FACTOR, OFTEN THE WEAKEST LINK IN AN ORGANIZATION'S SECURITY
CHAIN.
Security training and
awareness programs
provide an opportunity for
old and new employees to
gain necessary skills to
perform their
responsibilities within the
organization's security
To these objectives, trainers and security personnel should consider the following
points (CPNI, 2010).
• Encourage staff to see those in security as friendly and approachable.
• Encourage cultures which resolve and correct rather than focus on establishing
blame.
• Avoid exaggerating the risks and threats faced by the organization to gain more
credibility.
• Avoid making false claims about security to frighten employees into
compliance.
• Provide regular refresher trainings to incorporate new security procedure's
Addressing Behaviors of Concern
• Managers play a key role in addressing
negative behavior and ensuring that security
measures are followed. Managers
sometimes fail to act on poor performance
and this could worsen the problem because
other employees might become dissatisfied
for compensating on their co-
Controlling Employee Access
• Organizations usually use access controls as
physical security measures against outsiders.
Similar considerations should be used to
prevent or minimize the risk of individuals
with legitimate access engaging in insider
activities.
Screening for the
Insider Threat
Insider attacks can cause to an organization.
Big organizations light tarde significant
damage of insider het von but they should
nevertheless be prepared by establishing an
effective screening regime. There is no clear
pattern that can help detect insider threat
because the personality, motivation and
behavior of insiders can be extremely varied.
exit
PROCEDURE
IMPLEMENTING
PROCEDURES IS
THOROUGH
CRUCIAL TO
EXIT
M I T I G AT E
POTENTIAL RISKS A S S O C I AT E D WITH
S
D E PA R T I N G E M P LO Y E E S W H O M AY P O S S E S S
SENSITIVE I N F O R M AT I O N . S TA N D A R D
MEASURES LIKE CHANGING SECURE
C A B I N E T C O M B I N AT I O N S , T E R M I N AT I N G I T
ACCOUNTS, AND U P D AT I N G PASSWORDS
HELP SAFEGUARD THE O R G A N I Z AT I O N ' S
ASSETS AND O P E R AT I O N S WITHOUT
CAUSING UNDUE DISRUPTION TO THE
E M P L O Y E E R E L A T I O N S H I P.
After assessing the risks, the following are the manager's options
depending on the employee's contract:
• Uniforms
• Security passes and/or identification cards
• Mobile phones
• Company credit cards
• Any unused personal business cards
• Keys to secure/storage areas
• Tokens for access to electronic systems
• Any books, papers or commercially sensitive documentation
• Laptops and other remote working equipment such as flash drives
• Security containers such as security briefcases
The following additional steps should also be considered to reduce the
employee's access to assets: