Personnel and People Security
Effective protective security requires the integration of physical, personnel and people, and cyber security measures. There is almost always a human element (direct or indirect) at a point of security failure. This collection of CPNI advice and tools focuses on the personnel and people aspect.
Personnel and People security – What is it?
Personnel security is a system of policies and procedures which seek to mitigate the risk of workers (insiders) exploiting their legitimate access to an organisation’s assets for unauthorised purposes.
People security is about shaping and controlling the environment to promote vigilance and an effective security culture, and to influence and deter those seeking to cause harm.
The CPNI approach to good personnel and people security is focussed on three main strands of activity around the people element of protective security:
- Reducing Insider risk – this strand helps organisations to reduce the risk of an insider by undertaking good personnel security practices such as risk assessment , pre-employment screening and ongoing personnel security.
- Optimising people in security – how do you get the most out of a relatively untapped security resource – your staff and visitors? This strand helps organisations understand the importance of building a good security culture and how to undertake staff behaviour change campaigns. This strand also looks at how to maximise the motivation and proactive detection capabilities of your dedicated security staff.
- Disrupting hostile reconnaissance – this strand looks at how to mitigate the external people threat by understanding the mind-set and activities of those undertaking attack planning and hostile reconnaissance. This collection will help you understand what might deter people who are undertaking target selection and in the information gathering stage of their plans.
The sections below will enable you to explore these three key personnel and people security components in greater detail.