
•  Moving personnel around reduces the risk of fraud, data modification, theft, sabotage, and misuse of information.

Figure 2.2 An example of job rotation among management positions

Job rotation requires that security privileges and accesses be reviewed to maintain the principle of least privilege. One concern with job rotation, cross-training, and long-tenure employees is their continued collection of privileges and accesses, many of which they no longer need. The assignment of privileges, permissions, rights, access, and so on, should be periodically reviewed to check for privilege creep or misalignment with job responsibilities. Privilege creep occurs when workers accumulate privileges over time as their job responsibilities change. The result is that a worker has more privileges than the principle of least privilege would dictate based on that individual’s current job responsibilities.

Employment Candidate Screening

Employment candidate screening, background checks, reference checks, education verification, and security clearance validation are essential elements in proving that a candidate is adequate, qualified, and trustworthy for a secured position. In addition to employment agreements, there may be other security-related documentation that must be addressed. One common document is a nondisclosure agreement (NDA). An NDA is used to protect the confidential information within an organization from being disclosed by a former employee.

Employment Termination Processes

When an employee must be terminated, numerous issues must be addressed. An employee termination process or procedure policy is essential to maintaining a secure environment when a disgruntled employee must be removed from the organization. The following list includes some other issues that should be handled as soon as possible:
•  Make sure the employee returns any organizational equipment or supplies from their vehicle or home.
•  Remove or disable the employee’s network user account.

ITEC106 – Systems Security, Mr. John Mark L. Dula