This security-related human resource strategy illustrates how employee information should be addressed. The aim is to ensure that all personnel are aware of the best practices to protect information and how to ensure the proper use of networking equipment, according to the rules of the organization, standards and guidelines.
While this document covers many rules, standards and guidelines, it is not exhaustive. So, human resource managers, employees, contractors and third parties should exercise extreme caution with regard to how employee information technology enterprise.
New employees must receive information security training and occasional awareness updates that promote employee vigilance within the company. These activities ensure that employees understand and take responsibility for company information and resources.
following minimum functions are clearly spelled out and enforced.
- employee is not allowed to download and / or install unauthorized software on computers organization nor should they connect to the network unauthorized equipment.
- employee is not allowed to prevent the proper operation of safety equipment including antivirus programs, screensavers, etc.
- employee is not authorized to access banned sites through the Internet.
- Employees must notify their immediate superior and his IT department of any security incidents or failures they encounter.
- Employee instructed the establishment of strong passwords and proper password storage. In addition, the password should expire after a certain period by accessing sensitivity.
- When an employee moves or changes roles within the organization access their privileges should be updated accordingly.
- When the dismissal of an employee, the employee’s access to technological resources should be immediately closed.
- When an employee has been informed of the cancellation, he should not be allowed to return to his office and immediately escorted out of the building.
- The IT department should have a list of all user accounts and suspend relevant accounts immediately.
- Log files regularly scanned to ensure that the accounts of all employees were suspended.
- The supervisor shall be responsible for going all employee electronic information and either disposal or sending them to their replacement.
- The supervisor shall be responsible for the return of all employees should access cards, ID badges, and manuals.
- The supervisor shall be responsible for delivering all company-owned electronic equipment issued to the said employee including laptops, wireless cards, cell phones, and PDAs.
formal disciplinary process for any and all users who violated the safety rules will be developed and published within the organization.
In order to ensure that the organization is not morally or legally responsible for the misconduct of any employee accused of malicious activity should be treated equally and not give preferential treatment. Also, any study suspicious employees to examine all material facts.