Cyber Security: Personnel Organizational Security
Hi everyone, welcome back. Cyber security is an important area of focus. There is a whole lot of data that is being stored and transmitted digitally. This includes sensitive data that could potentially cause damage to someone or even a whole company. We will go over some common policies and strategies that organizations use. With this introduction out of the way, let’s get into it.

Organization Security
Companies may have several policies in place to protect their network from cyber attacks. In this article, we will focus specifically on personnel policies. A number of vulnerabilities come from social engineering attacks where attackers attempt to learn information. More about social engineering can be found here. This newly learned information could potentially allow an attacker to launch a successful attack. Let’s look into some common policies.
On-Boarding
When a new employee is hired, they are likely to go through an on-boarding process. This process will vary from company to company, but its overall goal is to bring the new employee up to speed on the company and its culture. This will include any security training and specifying which devices can be used for work purposes. Personal devices may also be screened for viruses or applications that could potentially cause damage to the company.
Off-Boarding
When an employee is leaving the company, any related data on a personal device should be removed. Data regarding the company should not be left with a former employee.
Separation of Duties
Separation of duties means that each person has their own parts of a task to do, and only their parts. Once a part of a task is completed, it gets passed to another person. This is an internal security measure to prevent any malicious intent that might occur, and it can also prevent accidental errors. For instance, a company can have one person receive payments and have another person authorize payments rather than have only one person manage all the money. The two workers in this case will keep each other in check.
Non-Disclosure Agreement (NDA)
An NDA is a legal contract under which an employee cannot give away company secrets without authorization. If an NDA is broken, the penalty is a fine and possibly termination of employment.
Acceptable User Policy (AUP)
An AUP is a policy that lets employees know what they can and can’t do with company devices such as a computer. It also outlines what employees can and can’t do within the company network. For instance, it may state what software can and can’t be installed, or whether an employee can check Facebook while on the company network.
Conclusion
These are some of the common policies and strategies used for organizational security. Organizational security will vary from company to company due to factors such as what the organization does and how many people are in the organization. Organizational security should also be expected to change over time. More about organizational security can be found here. I hope this helps. Thanks for reading.