IT Governance, Risk, and Compliance

May 24 2011   7:49PM GMT

Effective Employment Practices for Protecting IT – Part VI



Posted by: Robert Davis
Tags:
Conduct Code
Due Care
Due Diligence
Employment Practices
Information Assets Protection
Misappropriation of Assets
Safeguarding Assurance

Formal, documented entity-centric job (position) descriptions should exist for each entity employee that clearly conveys duties, prohibitions, and reporting relationships. Typically, position descriptions are prepared based on job analyses — systematic procedures for observing work and determining what tasks should be accomplished to achieve organizational goals. Position descriptions should include definitions of technical knowledge, skills, and abilities required for successful performance in the relevant job and should be useful for hiring, promoting, and performance evaluation purposes. Furthermore, itemized duties should indicate responsibilities assumed during emergency situations. An entity’s human resources department should be accountable for ensuring all organizational positions are reviewed for assignment sensitivity level relative to security requirements. Individually, an approved position description should match an employee’s assigned duties.

View Part I of the Effective Employment Practices for Protecting IT series here

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: