Unit 5 Assignment 1

Unit 5 Assignment 1: Implementing Comprehensive Human Resources Risk Management Plan

Human Resources Risk Mitigation:

Objective
• Human resources policies and practices should reduce the human risk factors in information technology (IT) security and information access controls. Decrease the risk of theft, fraud or misuse of information facilities by employees, contractors and third-party users.

Scope
• The organization's human resources policies, taken as a whole, should extend to all the persons within and external to the organization that do (or may) use information or information processing facilities. This could include:
* tailoring requirements to be suitable for particular roles within the organization for which persons are…
* The organization's responsibilities for handling of information related to the person him/herself, generated in the course of an employment, contractor or other third-party relationship.
* An organizational code of conduct or code of ethics to the employee, contractor or third party.
* Actions that can be anticipated, under the organization's disciplinary process, as a consequence of failure to observe security requirements.

Additional pre-employment agreements
• Where appropriate, employees, contractors and third-party users should be required to sign, prior to being given access or other privileges to information or information processing facilities, additional:
* confidentiality or non-disclosure agreements (see Confidentiality agreements); and/or
* acceptable use of assets agreements.

Management responsibilities
• Management should require employees, contractors and third-party users to apply security controls in accordance with established policies and procedures of the organization. This could include:
* appropriately informing all employees, contractors and third-party users of their information security roles and responsibilities, prior to granting access to sensitive information or information systems using Terms and conditions of employment.
* providing all employees, contractors and third parties with guidelines/rules that state the security expectations of their roles within the organization;
* achieving an