Download presentation
Presentation is loading. Please wait.
Published byShannon Armstrong Modified over 9 years ago
1
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 1 Introduction to corporate security Teemupekka Virtanen Helsinki University of Technology Telecommunication Software and Multimedia Laboratory teemupekka.virtanen@hut.fi
2
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 2 6. Lecture – Personnel security Personnel security as a part of corporate security Personnel security methods Personnel security and legislation
3
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 3
4
4 Security in corporations
5
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 5 Security domains
6
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 6 Personnel security Protection of information and other asset against threats caused by own staff The target of protective measures are own staff “Internal security”
7
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 7 The big picture The assets has been found and evaluated Unauthorized usage has been prevented Those people have been selected to whom the access has been granted The mistakes and failures has been prevented
8
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 8 The goal of personnel security People want to behave in the right way Selecting staff Motivation People can behave in the right way Education Training
9
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 9 Organizing personnel security Normal work of human resources Principles Normal managing work
10
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 10 How to affect on personnel security Avoiding “bad” people Finding and keeping “good” people Developing staff and organization itself
11
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 11 Hiring employers
12
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 12 Choosing new employers Find talent people However, too talent people can be dangerous, too Find suitable people To fit a group Find good personal properties Willing to follow the rules
13
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 13 Background checking Criminal records Personal information Financial records Education and certificates Working history Medical records Drivers license Recommendations
14
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 14 Recommendations Check the validity of references Discuss with the referees Contact previous employers Personal contacts Common friends
15
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 15 Check qualifications Professional skills required in a position Co-operation skills Service skills Communication skills Selling skills Managerial skills Visionary skills
16
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 16 Personality checks Gives background information for decision making The expected features must be known Should be made by professional
17
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 17 Security discussions Content Is an applicant honest and trustworthy Is there any sign of manipulation in the career Drug usage General features Discussion methods Wordless communication
18
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 18 Health records Mental health Physical health Using of Medicin Using alcohol and illegal drugs These can be checked during initial term
19
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 19 Statistic (the whole earth) 39% of applicants have modified their CV 33% of employees have admit stealing form their employer 15% of employees have admit misusage of drugs
20
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 20 Initial training and education
21
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 21 Initial settings Agreements Initial training Further education
22
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 22 The importance of education Many employees try to do the right thing If they don’t have enough background information they can’t make right decisions The decisions are based on knowledge not on facts
23
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 23 Working skills One can’t work in a secure way if one don’t have skill to do it However, too skilled employee may not accept guidance Evaluation must be based on requirements of the position The requirements must be known The development of a career Systematic education Change of duties
24
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 24 During employement
25
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 25 Permanent arrangements Evaluation Motivation Development
26
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 26 Security as a part of annual discussions As a part of annual discussions Finds out if there has been any changes in the situation Checks that arrangements and agreements are valid in the current situation and duties Updated information on authorities and permissions Updated information on property Credit cards, laptops, hands Updated information on training, disabilities etc
27
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 27 Keeping employees It is often easier to keep an employee than hiring a new one Can you offer a career Atmosphere Fair compensation
28
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 28 When an employee leaves Every employee will leave Nobody stays forever Leaving employee can be a risk or advantage But unprepared it is always a risk
29
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 29 Security when an employee leaves Do the leaving employee have information That is unique and required in the work? Is a risk if somebody finds it out? Do the leaving employee have privileges or authorizations? Do the leaving employee have valuable property?
30
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 30 Preparations All the duties should be defined Often it is not known what exactly are the tasks of an employee All the processes should be described Often it is not known how an employee make the decisions or do the work There is an up to date list of accounts, authorizations and privileges There is an up to date list of properties given to an employee Credit cards, computers, mobile phones There is NDA (Non Disclosure Agreement) that covers also time after employment
31
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 31 A friendly way There is no reason to suspect any problems Retirement, studies, … Leaving can be flexible It is possible to get information when needed All the preparations must be done but timetable can be more flexible Transferring the information after leaving is announced The work can continue until the actual leave The accounts and privileges can be active until the actual leave
32
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 32 A hostile way There is a risk that the leaving employee want to cause problems Switching to a competitor Bitterness, revenge, … Sacked for theft, dishonesty, … The damage must be minimized The information about the work must be gathered from other employees The existing secret information must be list and check if there are anything to do to prevent misusage Possibilities to cause any harm must be prevented Accounts must be closed No new information is given
33
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 33 Some practical examples
34
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 34 Confidentiality Even the most secret information must be revealed to someone This person must be trusted How to minimized risks? Keep the number of people small Keep the amount of information per a person small Do the background work properly and trust
35
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 35 An application Assumed that there is a price for everybody There is a price for every piece of information Keep the risk of getting caught high The price of people increases Keep the amount of information small per person Nobody wants to pay the high price required
36
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 36 Problems Secret information is not recognize There are secret information in unknown locations There are other values than money It is difficult to know if a person is trustworthy The checks are not complete Things can change
37
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 37 Availability Processes do not work without people It is difficult to avoid undocumented information Special skills There are always critical persons To improve availability Increase the availability of people Take care that people are available when needed Decrease the value of a person Documentation Remember that there is always a conflict between a person and an organization
38
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 38 An application An army is a place where a dishonest person can, in a case of war, help an enemy if being in a right place Spies try to infiltrate into service Spies try to get positions that are useful A possible prevention strategy Keep the positions general and train plenty of people Have a good documentation of every position In a case of war drawn a person to each position
39
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 39 Problems It is difficult to find the key processes It is difficult to find the key persons Requirements for efficiency No spare people No extra training Good luck Why pay if it works anyway
40
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 40 The memory of an organization Often an organization itself has a memory People changes but the habits stay Procedures, atmosphere, … It is difficult to change It helps over changes
41
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 41 Trends Rapid changes Permanent employees are not appreciated People are hired for a specific task and then released People are not loyal but change when get better offer The culture and spirit in organizations becomes weak Rapid methods There is no time for proper background checks Astrology Shaking people Only a change is permanent
42
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 42 Problems The changes are too fast Some of the employees looking their place all the time Professional organizations Army, hospital, church Problems between the professionals and experts Equality between genders “Glass roof” Sexual harassment
43
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 43 Act on the Protection of Privacy in Working Life 13.8.2004/759 The employer is only allowed to process personal data directly necessary for the employee’s employment relationship which is connected with managing the rights and obligations of the parties to the relationship or with the benefits provided by the employer for the employee or which arises from the special nature of the work concerned. No exceptions can be made to the necessity requirement, even with the employee’s consent.
44
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 44 How to collect information The employer shall collect personal data about the employee primarily from the employee him/herself. In order to collect personal data from elsewhere, the employer must obtain the consent of the employee. The employer shall notify the employee in advance that data on the latter is to be collected in order to establish his/her reliability. If information concerning the employee has been collected from a source other than the employee him/herself, the employer must notify the employee of this information before it is used in making decisions concerning the employee.
45
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 45 Processing health information The employer has the right to process information concerning the employee's state of health only if the information has been collected from the employee him/herself, or elsewhere with the employee’s written consent, and the information needs to be processed in order to pay sick pay or other comparable health-related benefits or to establish whether there is a justifiable reason for absence or if the employee expressly wishes his/her working capacity to be assessed on the basis of information concerning his/her state of health. Information concerning the employee's state of health may only be processed by persons who prepare, make or implement decisions concerning employment relationships on the basis of such information.
46
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 46 Processing information on drug use The employer may receive or otherwise process information entered in a drug test certificate, subject to the consent of the applicant selected for the job, only if the applicant is to do the type of work that requires precision, reliability, independent judgement or quick reactions and if performing the work while under the influence of drugs or while addicted to drugs could: endanger the life, health or occupational safety of the employee or other persons; endanger national defence or state security; endanger traffic safety; increase the risk of significant environmental damage; endanger the protection, usability, integrity and quality of information received while working and thus cause harm or damage to public interests protected by confidentiality provisions or endanger the protection of privacy or the rights of data subjects; or endanger business and professional secrecy or cause more than a minor level of financial loss to the employer or a customer of the employer, provided that this could not be prevented by other means.
47
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 47 Tests and examinations With the employee’s consent, he/she can be tested by means of personality and aptitude assessments to establish his/her capacity to perform the work in question or his/her need for training and other occupational development. The employer shall ensure that the assessment methods used are reliable, the persons conducting the assessment are experts, and the findings of the assessment are free from error Upon request, the employer or an assessor designated by the employer shall provide the employee concerned with a written statement on the assessment of the employee’s personality or aptitude free of charge. When carrying out employee health examinations and tests and taking samples, health care professionals, properly trained laboratory personnel and health care services must be used as laid down in the health care legislation. The employer is not permitted to require the employee to take part in genetic testing during recruitment or during the employment relationship, and has no right to know whether or not the employee has ever taken part in such testing.
48
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 48 Act on Background Checks (8.3.2002/177) The objective of this Act is, by providing for a procedure on background checks and taking due account of the protection of the privacy of the subject of the check and of data protection, to improve the chances of preventing criminal offences that would seriously compromise: the internal or external security of Finland, national defence or preparedness for emergency conditions; the relations of Finland to other states or to international organisations; public finances; a considerably valuable business or professional secret of a private party, or another corresponding very significant private interest of a financial nature; or data security that is very significant in view of the protection of the interests listed above in subparagraphs
49
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 49 The usage of information It shall be a prerequisite for a background check that the subject has given a prior written consent to the same. Any person has the right to be informed by the competent agency as to whether he or she has been subject to a background check for any given task A subject shall have access, upon request to the competent agency, to the information contained in the results. The results of a background check shall not be binding on the applicant. The information contained in the results shall not be used for purposes other than that stated in the application. The applicant shall destroy the results as soon as they no longer are necessary for the stated purpose of the background check,
50
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 50 Questions ?
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.