• Notify human resources to issue a final paycheck, pay any unused vacation
time, and terminate benefit coverage.
• Arrange for a member of the security department to accompany the released
employee while they gather their personal belongings from the work area.
• Inform all security personnel and anyone else who watches or monitors any
entrance point to ensure that the ex-employee does not attempt to reenter the
building without an escort.
Figure 2.3 Ex-employees must return all company property
Vendor, Consultant, and Contractor Controls
Vendor, consultant, and contractor controls are used to define the levels of
performance, expectation, compensation, and consequences for entities, persons, or
organizations that are external to the primary organization. Often these controls are defined
in a document or policy known as a service-level agreement (SLA).
Compliance
Compliance is the act of conforming to or adhering to rules, policies, regulations,
standards, or requirements. It is related to whether individual employees follow company
policy and perform their job tasks in accordance with defined procedures.
Privacy
Some partial definitions of privacy:
• Active prevention of unauthorized access to information that is personally identifiable
(that is, data points that can be linked directly to a person or organization).
• Freedom from unauthorized access to information deemed personal or confidential.
• Freedom from being observed, monitored, or examined without consent or
knowledge.
Many US regulations include privacy requirements. The following are a few examples:
• Health Insurance Portability and Accountability Act (HIPAA)
• Sarbanes-Oxley Act of 2002 (SOX)
• Gramm-Leach-Bliley Act
• EU’s Directive 95/46/EC (aka the Data Protection Directive)
• Payment Card Industry Data Security Standard (PCI DSS)
Security Governance
ITEC106 – Systems Security Mr. John Mark L. Dula