IT Governance, Risk, and Compliance

May 13 2011   8:48PM GMT

Effective Employment Practices for Protecting IT – Part III



Posted by: Robert Davis
Tags:
Conduct Code
Due Care
Due Diligence
Employment Practices
Information Assets Protection
Misappropriation of Assets

The threat of insiders to data should not be underestimated. If an entity is to be successful in preventing security breaches, it must have effective policies that minimize the chance of hiring or promoting individuals with low levels of honesty, especially for positions of trust. Supporting this perspective is the realization that persons with high technical skills and organizational process knowledge pose the greatest threat to an entity. Coupled with inadequate controls, persons with access to an entity’s internal network could potentially disrupt or corrupt vital services as well as gain access to unauthorized confidential information. In addition, misappropriation of assets, though often not material to the financial statements, can nonetheless result in substantial losses if an employee has the Incentive/Pressure, Opportunity and/or Attitude/Rationalization to commit an illegal act.

View Part I of the Effective Employment Practices for Protecting IT series here

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: