Security advice

Share

Share this page with the external widget:

  • Delicious
  • Digg
  • Reddit
  • StumbleUpon
  • Email

Personnel security

Personnel security is a system of policies and procedures which seek to manage the risk of staff (permanent, temporary or contract staff) exploiting, or intending to exploit, their legitimate access to an organisation's assets or premises for unauthorised purposes.

Although many organisations regard personnel security as an issue resolved during the recruitment process, it is a discipline that needs to be maintained throughout a member of staff’s time in employment. This includes robust pre-employment screening, effective line management, employee welfare, clear lines of communication, and a strong security culture. It should also include a formal process for managing staff leaving the business.

When applied consistently, personnel security measures not only reduce operational vulnerabilities, they can also help build a hugely beneficial security culture at every level of an organisation. Robust personnel security helps organisations to

  • employ reliable people;
  • minimise the chances of staff becoming unreliable once they have been employed;
  • detect suspicious behaviour and resolve security concerns once they emerge.

Employee Digital Footprint Campaign

What your employees do and say online, or how they use digital devices, can make them and your organisation vulnerable to security threats if they are not careful.

Some of the security vulnerabilities can be obvious, such as posting or sharing confidential organisational information that puts staff, processes or assets at risk. Others may be less so, such as search engines storing search history or smart phones tracking geolocation data which can be exploited by those with malicious intent.

Employee Digital Footprint Campaign

Workplace behaviours campaign

How your employees behave in the workplace can have a real impact on the security risks and vulnerabilities your organisation faces. Security breaches of any kind can result in loss of revenue, productivity or share price; they can damage an organisation’s reputation; they might result in confidential data being leaked; or worse, they can result in physical harm to staff members or the public.

Workplace behaviours campaign

Management of External Visitors

When external visitors (e.g. non-cleared individuals including foreign liaison, commercial competitors and the media) are due to visit a sensitive work location, we recommend the creation of a security plan in order to mitigate the security risks.

Security in the Supply Chain

Most organisations have multi-tiered supply chains which are likely to be both upstream (supply) (i.e. between the organisation and the organisation’s suppliers or suppliers’ suppliers) and downstream (demand) (i.e. between the organisation and its market). Vulnerabilities in these supply chains can introduce vulnerabilities to the organisation itself and to its assets. Those vulnerabilities can expose the organisation and its assets to risk from national security threats, principally terrorism, hostile cyber-attacks by foreign states and large scale cyber-crime.

Security in the Supply Chain

Social engineering: Understanding the threat

As individuals and organisations improve their physical and electronic defences, those wishing to gain access to premises or acquire sensitive information may attempt to exploit people within the organisation who already have legitimate access. Social engineering is the process whereby a third party can gain that information or access.

Social engineering: Understanding the threat

Communicating personnel security messages

CPNI has made six short animated films to promote interest in personnel security.

Communicating personnel security messages

HoMER

Holistic Management of Employee Risk (HoMER) is new guidance to help you manage the risk of employees’ behaviour damaging your business.

HoMER

Remote working

Remote working, whether it is working from home, on the move or in clients’ or satellite offices, is become ever more commonplace, growing to an estimated 20 per cent of the working population (over 6.5 million people) in 2012.

Remote working

Guard force motivation

A critical component of any security system is the security staff, specifically guard forces, such as those who undertake patrols, guard entrance points, and carry out security screening. Motivated, attentive and observant staff in these roles can form a highly-effective deterrent presence and final line of defence where other interventions (e.g. electronic security access) have failed. Conversely, demotivated staff who do not perform their role effectively can be a single point of failure within a security system.

Guard force motivation

Security culture

Developing a security culture within an organisation is about encouraging staff to respect common values and standards towards security whether they are inside or outside the workplace.

Security culture

Disclosure of employee-related information

Guidance for employers on how to manage employee-related information disclosed to them by the security authorities.

Disclosure of employee-related information

Contract staff

Most organisations utilise contractors in one form or another. From an independent specialist working on a particular project, through to the use of a third party company providing a team to fulfil a function, contractors are part of everyday working life.

Contract staff

Overseas criminal record checks

How to obtain an Overseas Criminal Record Check provides advice to employers and employees (including prospective employees as part of the recruitment process) on obtaining criminal record checks in 63 countries.

Overseas criminal record checks

Online social networking

Online social networking (OSN) and microblogging are hugely popular and offer significant business benefits to organisations. However, their use poses risks both to the data on the IT system used to access the sites, and to the users of the sites and the organisations they work for.

Online social networking

Personnel security in offshore centres

CPNI's guidance covers a range of personnel security issues which may be found in an offshore business location, including cultural issues, managing recruitment, ongoing security measures and the use of investigative techniques.

Personnel security in offshore centres

Pre-employment screening

Pre-employment screening is the foundation of good personnel security. It seeks to verify the credentials of those you are seeking to grant access to your sites and information, and to check that they meet preconditions of employment (e.g. that they are legally permitted to take up an offer of employment).

Pre-employment screening

Personnel security risk assessment

CPNI has launched the 4th edition of Personnel Security Risk Assessment: A Guide. This new edition contains worked examples and is a succinct step-by-step guide to carrying out a personnel security risk assessment.

Personnel security risk assessment

Insider threats

Some attacks, whether from criminals, terrorists or competitors seeking a business advantage, may rely upon the co-operation of an insider. This could be an employee or any contract or agency staff (e.g. cleaner, caterer, security guard) who has authorised access to your premises.

Insider threats

Ongoing personnel security

Ongoing personnel security is the protection of an organisation’s assets from unauthorised use by employees, and the identification and management of employees who may pose a security risk.

Ongoing personnel security

Share

Share this page with the external widget:

  • Delicious
  • Digg
  • Reddit
  • StumbleUpon
  • Email
man and woman in interview

Related Documents