Page 713 - StudyBook.pdf
P. 713

Operational and Organizational Security: Policies and Disaster Recovery• Chapter 12  697

                 accessed after they have been disposed of. Dumpster diving is a term that describes
                 the process of looking through the garbage for printed documents.A relatively
                 simple method of deterring dumpster diving is by using a paper shredder to destroy
                 sensitive printed material. Such documents may contain sensitive information about
                 a company, its clients, or its employees. Imagine what a criminal could do with a
                 personnel file or a list of passwords if they pulled it from the trash.To prevent
                 printed materials from getting into the wrong hands, a policy should specify if all
                 documents or only certain types should be shredded.



                 TEST DAY TIP
                      Remember that disposing of sensitive information requires that you
                      destroy the electronic and printed data as well. Throwing a piece of
                      paper or hard disk in the garbage means that it is out of sight and out
                      of mind, but does not mean it is gone forever. Anyone retrieving docu-
                      ments or media from the trash may be able to view it. Once you
                      remember that disposal and destruction goes hand-in-hand, you will
                      find it easier to identify proper disposal methods when they are pre-
                      sented in test questions.





                 HR Policy

                 HR departments deal with a large variety of issues, and need to work closely with
                 IT departments to ensure security needs are met. HR performs such tasks as hiring,
                 firing, retirement, and transferring employees to different locations. HR also main-
                 tains personnel files of employees, and may be responsible for assisting in the distri-
                 bution of identification cards, key cards, and other items relating to security.
                 Because of the tasks they each perform, it is important that good communication
                 exists between HR and IT staff.
                    Upon hiring a person, HR may be responsible for issuing ID cards designed by
                 IT staff, which are used to identify employees.This is important to physical security
                 in the building, as the cards provide visual recognition of who is supposed to be in
                 certain areas. HR may also be responsible for issuing key cards.
                    When a person is hired or experiences a change in employment with an orga-
                 nization, HR needs to notify the network administrator so that network access can
                 be administered accordingly.Without a proper HR policy, network administrators
                 will be uninformed of changes and will be unable to perform these tasks.



                                                                              www.syngress.com
   708   709   710   711   712   713   714   715   716   717   718