Presentation is loading. Please wait.

Presentation is loading. Please wait.

Managing Information Security Personnel By Christopher Boehm.

Published byReynard Dominic Boone Modified over 8 years ago

Similar presentations

Presentation on theme: "Managing Information Security Personnel By Christopher Boehm."— Presentation transcript:

1 Managing Information Security Personnel By Christopher Boehm

2 Overview  Introduction  Hiring Process  Contracts  ISO 17799  Terminating Employment  Closing points

3 Introduction  Security is more a people problem than a technology problem.  The process to effectively manage Information Security Personnel starts before an employee is even hired and goes all the way to their termination.

4 Hiring Process  BASIC job postings, no access details.  Background checks!!  Identity  Education  Previous employment  References  Drug history  Credit history (if agreed to)

5 Contracts  Security agreements  Employment Contingent Upon Agreement  Current employees cannot be forced into signing documents to keep their job.

6 ISO 17799  A Standard Document  Encompasses broad range of information security issues  Risk Assessment and Treatment  System Policy  Organizing Information Security  Asset Management  Human Resources Security  Physical and Environmental Security  Communications and Operations Management  Access Control  Information Systems Acquisition, Development and Maintenance  Information Systems Acquisition, Development and Maintenance  Information Security Incident Management  Business Continuity Management  Compliance

7 Human Resources Security  a) Ensure that employees, contractors and third parties are suitable for the jobs they are considered for, understand their responsibilities, and to reduce the risk of abuse (theft, misuse, etc).  b) Ensure that the above are aware of IS threats and their responsibilities, and able to support the organization's security policies  c) Ensure that the above exit the organization in an orderly and controlled manner.  c) Ensure that the above exit the organization in an orderly and controlled manner. http://17799.denialinfo.com/whatisiso17799.htm

8 Terminating Employment  Disable access immediately  Return media  Secure hard disks  Change locks  Exit Interview  Escort off premises (if necessary)

9 Closing points..  NEVER be too paranoid of who you hire!  Keep good security policies in the forefront of ALL employees’ minds.  Technology alone is not a defense!

10 Questions? Comments?

Download ppt "Managing Information Security Personnel By Christopher Boehm."

Similar presentations

Dr Lami Kaya LamiKaya@gmail.com ISO 27001 Information Security Management System (ISMS) Certification Overview Dr Lami Kaya LamiKaya@gmail.com.

Dr Lami Kaya ISO Information Security Management System (ISMS) Certification Overview Dr Lami Kaya
Annual Security Refresher Briefing Note: All classified markings contained within this presentation are for training purposes.

Annual Security Refresher Briefing Note: All classified markings contained within this presentation are for training purposes.
The International Security Standard

The International Security Standard
AFM INTERNAL AUDIT NETWORK MEETING MUTUAL ONE GROVE PARK, LEICESTER Current ‘Hot Topics’ in Information Security Governance Auditing David Tattersall 03.

AFM INTERNAL AUDIT NETWORK MEETING MUTUAL ONE GROVE PARK, LEICESTER Current ‘Hot Topics’ in Information Security Governance Auditing David Tattersall 03.
JAN is a service of the U.S. Department of Labor’s Office of Disability Employment Policy. 1 Drugs and Alcohol Under the ADA Linda Carter Batiste, J.D.,

JAN is a service of the U.S. Department of Labor’s Office of Disability Employment Policy. 1 Drugs and Alcohol Under the ADA Linda Carter Batiste, J.D.,
Transportation/Fleet Safety and Environmental Safety Travel - Hazardous Materials Transportation Security- Sandra J. Perry Consulting Services & Treatment.

Transportation/Fleet Safety and Environmental Safety Travel - Hazardous Materials Transportation Security- Sandra J. Perry Consulting Services & Treatment.
Recruiting and Selecting the Best Employees

Recruiting and Selecting the Best Employees
Delphi Confidential Human Resources Delphi U.S. Salaried Temporary Layoff Policy Overview u Not less than one week and not to exceed 13 consecutive weeks.

Delphi Confidential Human Resources Delphi U.S. Salaried Temporary Layoff Policy Overview u Not less than one week and not to exceed 13 consecutive weeks.
Security Controls – What Works

Security Controls – What Works
Stephen S. Yau 1CSE465-591 Fall 2006 Personnel Security.

Stephen S. Yau 1CSE Fall 2006 Personnel Security.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Section Ten: Security Violations and Deviations Note: All classified markings contained within this presentation are for training purposes only.

Section Ten: Security Violations and Deviations Note: All classified markings contained within this presentation are for training purposes only.
** Deckplate training for Navy Sailors **.  On Thursday, 9 July, the Office of Personnel Management (OPM) announced a cyber incident exposed the federal.

** Deckplate training for Navy Sailors **.  On Thursday, 9 July, the Office of Personnel Management (OPM) announced a cyber incident exposed the federal.
Evolving IT Framework Standards (Compliance and IT)

Evolving IT Framework Standards (Compliance and IT)
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
Incident Management By Marc-André Léger DESS, MASc, PHD(candidate) Winter 2008.

Incident Management By Marc-André Léger DESS, MASc, PHD(candidate) Winter 2008.
2015 ANNUAL TRAINING By: Denise Goff

2015 ANNUAL TRAINING By: Denise Goff
Personnel Management SAND No. 2005-3288 C Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United.

Personnel Management SAND No C Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United.

Similar presentations

Ads by Google