Managing Information Security Personnel By Christopher Boehm.
Overview
- Introduction
- Hiring Process
- Contracts
- ISO
- Terminating Employment
- Closing points

Introduction
- Security is more a people problem than a technology problem.
- The process to effectively manage Information Security Personnel starts before an employee is even hired and goes all the way to their termination.

Hiring Process
- BASIC job postings, no access details.
- Background checks!!
  - Identity
  - Education
  - Previous employment
  - References
  - Drug history
  - Credit history (if agreed to)

Contracts
- Security agreements
- Employment contingent upon agreement
- Current employees cannot be forced into signing documents to keep their job.

ISO
- A standard document
- Encompasses a broad range of information security issues:
  - Risk Assessment and Treatment
  - System Policy
  - Organizing Information Security
  - Asset Management
  - Human Resources Security
  - Physical and Environmental Security
  - Communications and Operations Management
  - Access Control
  - Information Systems Acquisition, Development and Maintenance
  - Information Security Incident Management
  - Business Continuity Management
  - Compliance

Human Resources Security
- a) Ensure that employees, contractors and third parties are suitable for the jobs they are considered for, understand their responsibilities, and that the risk of abuse (theft, misuse, etc.) is reduced.
- b) Ensure that the above are aware of information security threats and their responsibilities, and are able to support the organization's security policies.
- c) Ensure that the above exit the organization in an orderly and controlled manner.

Terminating Employment
- Disable access immediately
- Return media
- Secure hard disks
- Change locks
- Exit interview
- Escort off premises (if necessary)
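The "disable access immediately" step only works if every grant the person held is known and actually revoked. The following Python script is an added example, not part of the presentation: it reconciles a constructed HR roster against a constructed inventory of access grants (directory account, VPN, badge, code hosting, cloud IAM are hypothetical system names) and flags grants still enabled for terminated staff, any use of a grant after the termination date, and grants whose owner is not on the roster at all. It also produces the per-employee revocation checklist an offboarding ticket would carry.

```python
"""Offboarding reconciliation check (constructed example, not the
presentation's own material). Compares an HR roster with an inventory of
access grants and reports what the "disable access immediately" step missed."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Employee:
    emp_id: str
    name: str
    status: str                      # "active" or "terminated"
    terminated_on: Optional[date] = None


@dataclass(frozen=True)
class AccessGrant:
    system: str                      # hypothetical system name, e.g. "vpn"
    account: str
    emp_id: str                      # owner according to the access inventory
    enabled: bool
    last_used: Optional[date] = None


# Constructed sample data; every id, name and system here is made up.
ROSTER = [
    Employee("E100", "Alice Example", "active"),
    Employee("E200", "Bob Example", "terminated", date(2024, 3, 1)),
    Employee("E300", "Carol Example", "terminated", date(2024, 2, 15)),
]

ACCESS = [
    AccessGrant("ad", "alice", "E100", True, date(2024, 3, 10)),
    AccessGrant("ad", "bob", "E200", False, date(2024, 2, 28)),      # disabled, good
    AccessGrant("vpn", "bob", "E200", True, date(2024, 3, 4)),       # used after termination
    AccessGrant("badge", "0042", "E200", True, None),                # door badge never revoked
    AccessGrant("github", "carol-ex", "E300", True, date(2024, 2, 10)),
    AccessGrant("aws-iam", "svc-orphan", "E999", True, None),        # owner not on roster
]

Grant = Tuple[str, str]


def find_offboarding_gaps(roster: List[Employee],
                          access: List[AccessGrant]) -> Dict[str, List[Grant]]:
    """Return the grants that should have been revoked but were not, the grants
    used after their owner's termination date, and grants with an unknown owner."""
    known = {e.emp_id for e in roster}
    terminated = {e.emp_id: e for e in roster if e.status == "terminated"}
    gaps: Dict[str, List[Grant]] = {
        "still_enabled": [], "used_after_termination": [], "unknown_owner": []}
    for g in access:
        key = (g.system, g.account)
        if g.emp_id not in known:
            # An account nobody on the roster owns is an orphan and needs an owner or removal.
            gaps["unknown_owner"].append(key)
            continue
        emp = terminated.get(g.emp_id)
        if emp is None:
            continue                                   # active employee, nothing to check
        if g.enabled:
            gaps["still_enabled"].append(key)
        if g.last_used and emp.terminated_on and g.last_used > emp.terminated_on:
            # Use after termination is a signal worth an incident ticket, not just a cleanup.
            gaps["used_after_termination"].append(key)
    return {k: sorted(v) for k, v in gaps.items()}


def revocation_checklist(emp_id: str, access: List[AccessGrant]) -> List[Grant]:
    """Every enabled grant for one person: the list the offboarding ticket must close."""
    return sorted((g.system, g.account) for g in access
                  if g.emp_id == emp_id and g.enabled)


if __name__ == "__main__":
    report = find_offboarding_gaps(ROSTER, ACCESS)
    for category, grants in report.items():
        print(f"{category}: {grants}")
    print("checklist for E200:", revocation_checklist("E200", ACCESS))
```

Run daily against the real HR feed and each system's account export; anything in `still_enabled` is a failed offboarding, and anything in `used_after_termination` should be treated as a potential unauthorized access rather than a housekeeping item.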

Closing points
- You can NEVER be too paranoid about who you hire!
- Keep good security policies in the forefront of ALL employees' minds.
- Technology alone is not a defense!

Questions? Comments?