The sixth goal of PCI DSS
New employees, whether full-time staff or non-employee contractors, present a number of risks with regard to information security. These risks can be mitigated with well-designed and thorough interview and onboarding processes. An organization’s human resources department must have guidelines in place for interviewers and hiring managers to follow so that high-risk candidates can be filtered out prior to hiring. Information security is so important to the hiring process that the PCI Security Council has included a section on it in its reference guide for maintaining PCI compliance. PCI-DSS Section 12.7 states, “Screen employees prior to hire to minimize the risk of attacks from internal sources” (PCI Quick Reference Guide, 2009, p. 24).
Interviews, background checks, and in the case of non-employee contractors and some employment scenarios, employment contracts are all used to identify new employees and contractors that have minimal risks to information security. An organization’s information security department will work with human resources to develop the policies and guidelines that will assist in the hiring selection process.
The need for Information Security in Hiring
“People are often described as the weakest link in any security system” ("Human Resources Security (ISO 8) - Information Security Guide - Internet2 Wiki", n.d.). This quote sums up the importance of verifying a candidate’s risk level prior to hiring. An organization’s information assets are critical to the organization’s operation and security. In addition to validating a candidate’s legitimacy, the interviewers and hiring managers must be careful to not divulge too much information during the hiring process that may put the organization’s syst...
... middle of paper ...
...cess, information security must be continuously communicated to employees through standard communication channels as well as ongoing training. By using these tools, an organization can prevent the hire of potential threats to its information and physical assets.
Human Resources Security (ISO 8) - Information Security Guide - Internet2 Wiki. (n.d.). Retrieved April 10, 2014, from https://wiki.internet2.edu/confluence/display/itsg2/Human+Resources+Security+(ISO+8)
Nixon, W. B., & Kerr, K. M. (2008). Background screening and investigations: Managing hiring risk from the HR and security perspectives. Amsterdam: Butterworth-Heinemann.
PCI quick reference guide. (2009). Retrieved from https://www.pcisecuritystandards.org/pdfs/pci_ssc_quick_guide.pdf
Whitman, M. E., & Mattord, H. J. (2011). Principles of information security. Boston, Mass: Thomson Course Technology.
The reality is that in 2013 most American lives are being logged at every step, from being filmed as they buy a soda at 7-11 to doing homework at the computer lab at a community college. And, although many have heard about this intrusion, many do not know the extent of this information and its impact when it is combined in a profile. This profile is used in the background checks that the Office of Personnel Management (2013) requires to obtain a top security clearance. Today, all people who have top security clearances are at risk of being targeted in ways that are deviant and often passive. To understand how the profile is used to supply background checks, a history of the former company ChoicePoint will be explained to show how the security threat of this now defunct company has contributed to this risk.
The use of criminal record databases by employers has greatly increased since the 1990s when the information first became relevant (Appelbaum, 2015). The biggest rise in background searches began after the terrorist attacks in New York City on September 11, 2001. Mr. Uggen, a criminologist at the University of Minnesota, states that there is a problem with criminal background checks considering most employers have no idea what they should be looking for. With every business owner having different concerns about potential applicants, “we haven’t really figured out what a disqualifying offense should be for particular activities (Appelbaum,
The use of cybersecurity policies within CSN is to provide security of the division’s assets. The written policies provide guidance on implementation, through references to applicable standards and statements of best practices (Booz Allen Hamilton, 2012). As stated by Control Data Corporation, there is no asset which can be 100% secure; network security is oftentimes focused on strategic prevention or reactive procedures, rather than examination of the security policy and maintaining the operation of it (1999). Therefore, analysis indicates that numerous breaches are often due to recurring weaknesses in the policy. “Even the most reliable, state-of-the-art technologies can be undermined or rendered ineffective by poor decisions, or by weak operational practices” (Control Data Corporation, 1999, p. 3).
With the increasing use of emerging technologies and the associated information security threat threshold, Ohio University has adopted the NIST 800-53 security control framework to support their regulatory compliance efforts. NIST 800-53 is being implemented to provide a comprehensive set of security controls. This control framework is responsible for instituting minimum requirements that meet approved standards and guidelines for information security systems. It provides a baseline for managing issues relating to mobile and cloud computing, insider threats, trustworthiness and resilience of their information systems. NIST defines the standards and guidelines to be adhered to meet the cyber security control that align to FISMA expectations.
BioServer Systems (BSS) provides secure web server space to its clients. The company is young but has grown exponentially thanks to its groundbreaking encryption technology that is sought after by many businesses including luring some government clients. Stanley Jausneister owns the company and was able to capitalize on his network of pharmaceutical contacts he amassed from his former career in that industry. A longtime client has recently had to fire one of its employees for attempting to sell pharmaceutical cultures to someone overseas. The client realized that they not only had problems with their background checks but contacted Stanley to see if BSS was indeed conducting background checks that were valid. An analysis of BSS interview process and subsequent background testing will be reviewed.
When employers seek new employees, they have a variety of external recruiting methods available from which to choose. The method chosen may depend on such factors as budget, desired applicant characteristics, and type of access to potential employees in the labor market. Recruiting decisions should also consider each method’s potential for adverse impact against certain groups of employees. Adverse impact in employee recruitment or selection occurs when a hiring practice intentionally or unintentionally discriminates against a protected group (CSU-Global, 2013). To decrease the likelihood of adverse impact, employers should proactively engage in recruiting activities designed to reach a broad range of potential job applicants.
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day-to-day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable for ensuring all of the rules and policies are being followed, as well as understanding their roles, responsibilities and functions. Organizations’ information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions by trusted employees who defraud the system, from outside hackers, or from careless data entry. The major threat to information protection is the errors and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
In today’s society, criminal background checks are a common practice among small to large businesses. Background checks are a crucial step within the hiring process for numerous companies. They provide important and unique information on potential candidates to employers. Some employers want an idea of who they are hiring and whether they would be a reliable asset to the company. Retail businesses, educational institutions and security firms must be extra cautious when hiring new personnel. For some companies, hiring a potential candidate with a criminal history could cause public outrage or lawsuits in the future. In 2012 the Equal Employment Opportunity Commission (EEOC) issued guidelines on how past conviction records can
The hiring process can be overwhelming for a company, but the organization needs to make sure all information is gathered in regard to an applicant. The company needs to investigate and take the time to fully get to know the applicant before and after a job interview. Just because an applicant interviews very well and states that he/she is a loyal, respectful, and law-abiding citizen, the potential employer still needs to investigate and conduct a thorough background and reference check. These two investigations can reveal a lot about the applicant, and they also give the potential employer the chance to talk to past employers about the individual to get an accurate account of the individual’s job performance. Background and reference checks are very important for companies to implement and the results could help the company gain a better understanding of how
My strong curiosity towards the field of Cybersecurity dates back to my pre-university days when I started reading sci-fi novels. Digital Fortress, a techno-thriller novel written by Dan Brown, explored the theme of government surveillance, security and civil liberties. This theme is brought out in the book by portraying cryptographic techniques, security policies and implications of these policies. This gravitated me towards the field of security. With little programming experience, I was eager to begin my nascent adventure in the field of Cybersecurity. Although I’ve gained exposure in the field of security during the course of my Bachelor’s degree, I believe pursuing a master’s degree in Cybersecurity will allow me to explore the field of security in greater depth and utilize it effectively to address more real-world challenges.
Recent studies have revealed that there is a rising trend in carrying out background checks on prospective employees. However, what has brought about this growing trend? In this article, we take a look at some of the reasons why it is important to conduct a thorough background check on employees.
Employee background checks are an HR practice and one of the steps in the recruitment process, as stated by Jyothi, Venkatesh and Rao (2007). Who performs the employee background check and why it is performed are given in Table 1.1. Employee background checks are performed by employers on job applicants. These checks are traditionally administered by a government agency for a nominal fee, but can also be administered by other companies. Background checks can be expensive depending on the information requested.