Personnel Management 5.1

Question 1

Business Policies

Answer 1

Mandatory vacations will happen. If there is funny business going on in the company, this is the best chance to identify fraud. The longer the vacation, the better. Especially important in high-security environments.

Question 2

Job Rotation

Answer 2

Keep people moving between responsibilities. No one person maintains control for long periods of time.

Question 3

Separation of Duties

Answer 3

No one person has all of the details. Like having 2 keys to the nuke. Two people to open the safe.

Question 4

Clean Desk Policy

Answer 4

When you leave, nothing is on your desk. Computer turned off. Limits the exposure of sensitive data to third-parties.

Question 5

Background Checks

Answer 5

Pre-employment screening. Verify the applicant’s claims. Discover criminal history, worker compensation claims, etc. Legalities vary by country.

Question 6

Adverse Action

Answer 6

An action that denies employment based on the background check. May require extensive documentation. Can also include existing employees.

Question 7

Personnel Security Procedure

Answer 7

Non-disclosure agreement (NDA). Legal contract that defines what is confidential. Prevents the use and dissemination of confidential information. Train new employees coming into the organization. Initial security training is a must, but you have to have continuing education because security is constantly changing.

Question 8

Acceptable Use Policy (AUP)

Answer 8

This defines what is acceptable use of company assets. This may also be documented in the Rules of Behavior. This is used by an organization to limit legal liability. If someone is dismissed, these are well-documented reasons why.

Question 9

Exit Interview

Answer 9

Employee is leaving, you can ask them questions about why they are leaving etc. This is a very formal process and is documented for data tracking and feedback.