Next: 3.1.9 Training
Up: 3.1 Local Network: Security
Previous: 3.1.7 Personnel management
From the point of hire, individuals who will have routine access to
sensitive information resources should be subject to special security
procedures. More extensive background or reference checks may be
appropriate for such positions, and security responsibilities should be
explicitly covered in employee orientations. Position descriptions and
performance evaluations should also explicitly reference unusual
responsibilities affecting the security of information resources.
Individuals in sensitive positions should be subject to job rotation,
and work flow should be designed in such a way as to provide as much
separation of sensitive functions as possible. Upon decision to
terminate or notice of resignation, expedited termination or rotation
to less sensitive duties for the remainder of employment is a
reasonable precaution.
Denis Arnaud
12/19/1997