Unit 5 Assignment 1
Unit 5 Assignment 1: Implementing Comprehensive Human Resources Risk Management Plan
Human Resources Risk Mitigation:
Objective • Human resources policies and practices should reduce the human risk factors in information technology (IT) security and information access controls. Decrease the risk of theft, fraud or misuse of information facilities by employees, contractors and third-party users.
Scope • the organization’s human resources policies, taken as a whole, should extend to all the persons within and external to the organization that do (or may) use information or information processing facilities. This could include:
* tailoring requirements to be suitable for particular roles within the organization for which persons are considered;
* ensuring that persons fully understand the security responsibilities and liabilities of their role(s);
* ensuring awareness of information security threats and concerns, and the necessary steps to mitigate those threats; and
* Providing all persons to support organizational privacy and security policies in the course of their normal work, through appropriate training and awareness programs that reduce human error; and ensuring that persons exit the organization, or change employment responsibilities within the organization, in an orderly manner.
Roles and responsibilities • Security roles and responsibilities of employees, contractors and third-party users should be defined and documented in accordance with the organization 's information privacy and security policies. This could include:
* To act in accordance with the organization 's policies, including execution of all processes or activities particular to the individual 's role(s);
* To protect all information assets from unauthorized access, use, modification, disclosure, destruction or interference;
* To report security events, potential events, or other risks to the organization and its assets
* Assignment of responsibility to individuals for
Human Resources Risk Mitigation:
Objective • Human resources policies and practices should reduce the human risk factors in information technology (IT) security and information access controls. Decrease the risk of theft, fraud or misuse of information facilities by employees, contractors and third-party users.
Scope • the organization’s human resources policies, taken as a whole, should extend to all the persons within and external to the organization that do (or may) use information or information processing facilities. This could include:
* tailoring requirements to be suitable for particular roles within the organization for which persons are considered;
* ensuring that persons fully understand the security responsibilities and liabilities of their role(s);
* ensuring awareness of information security threats and concerns, and the necessary steps to mitigate those threats; and
* Providing all persons to support organizational privacy and security policies in the course of their normal work, through appropriate training and awareness programs that reduce human error; and ensuring that persons exit the organization, or change employment responsibilities within the organization, in an orderly manner.
Roles and responsibilities • Security roles and responsibilities of employees, contractors and third-party users should be defined and documented in accordance with the organization 's information privacy and security policies. This could include:
* To act in accordance with the organization 's policies, including execution of all processes or activities particular to the individual 's role(s);
* To protect all information assets from unauthorized access, use, modification, disclosure, destruction or interference;
* To report security events, potential events, or other risks to the organization and its assets
* Assignment of responsibility to individuals for
Bibliography: Custom Security Policies.com. 2012. http://www.instantsecuritypolicy.com/it_policies_procedures.html?gclid=CI_U3_HmpboCFc-Y4AodInIAWg (accessed 10 20, 2013). Ledanidze, Evgeny. Guide to Developing a Cyber Security and Risk Mitigation Plan. 2011. http://www.smartgrid.gov/sites/default/files/doc/files/CyberSecurityGuideforanElectricCooperativeV11-2%5B1%5D.pdf (accessed 10 20, 2013). Risk Mitigation Planning Including Contingencies. http://www.incose.org/sfbac/armor/id12.htm (accessed 10 20, 2013).