7 hours 52 minutes
a seven. Human resource security
In this video, we will understand control suit a seven,
the different controls it contains
and what documentation is required, which can be used to support your SMS.
A. Seven Human resource security
consists of three control sets.
The first one,
prior to employment, consists of two controls.
Thes controls are
a 7.1 point one screening.
Screening pertains to
performing background checks on employees prior to their employment.
This is normally performed by HR
as well as your security department.
The chicks may be done routinely prior to employment
as well as during employment.
Some of the most common background checks include a criminal history check,
a credit check
and a verification off qualifications. Chick.
The second Control prior to employment
is a 7.1 point two.
This pertains to terms and conditions of employment.
This is ensuring
that the information, security roles and responsibilities
are included in their employment contract
and that they are made aware of this during the employment stage.
The next controls it
is a 7.2 during employment.
This consists of three controls.
The first control
is a 7.2 point one management responsibilities.
This basically means it is management's responsibility
to ensure that staff are following their information security responsibilities as they have been defined.
Management can also issue a formal management statement to employees,
which mandates their compliance with the information security policies and procedures.
This can go out in the form of an email or memo
be restated in front of the security policy
on the company Internet site
where the policies and procedures are made available.
The second control
for the during employment control set
is a 7.2 point two
information security awareness and training.
This control pertains to your organization having a robust information security awareness and training program.
Evidence of this can include posters around the workplace,
examples of emails that are sent out containing information security awareness content,
evidence of information security awareness and training sessions such as attendance registers
and training content.
Whether this was done online or in person, it does not matter
another important component off security awareness training.
His results of assessments performed
as this measures the level off success of the awareness program.
Measures of success can include assessments performed after awareness or training sessions
as well as phishing campaigns.
The third control
in the during employment controls it
is a 7.2 point three
the disciplinary process.
It is important that your disciplinary process contains specific clauses
which allow for personal to go through the disciplinary process
due to a transgression. Often information security, nature.
If a specific statement in your information security policy is not adhered, thio
this needs to be explicitly defined in the disciplinary process,
as well as all the associative information
around the levels, off transgression
and the different types of disciplinary actions that can be taken for transgressions.
The last control set
is a 7.3
termination and change of employment.
There is only one control in this section,
and it is called the same as the control set, termination or change of employment responsibilities.
This control is the control that ensures that when an employee is terminated,
all their access rights on any systems that they had access to
are appropriately terminated,
and then all company issued equipment
such as laptops or flash drives
and so forth
are returned on time to the appropriate personal in the organization.
When an employee changes roles within your organization,
it is important to ensure that the employees does not have
privilege creep on your systems.
This is when
an employee moves from, say, I t to finance
or vice versa, whatever the case is,
and they retain their privileges on the systems that they had from their previous role,
as well as gain new privileges
in the new role
when employees change roles,
any privileges they had associated with their previous role
should be revoked,
and only the privileges necessary for their current role
should be enforced.
In this video, we covered the three control areas that make up control, said a seven
which pertains to human resource security
and that there are certain controls that you need to have in place
prior to employment
as well as upon termination of employment.
To ensure that information security is maintained throughout your employees employment life cycle