IT Governance, Risk, and Compliance

May 27 2011   9:33PM GMT

Effective Employment Practices for Protecting IT – Part VII



Posted by: Robert Davis
Tags:
Conduct Code
Due Care
Due Diligence
Employment Practices
Information Assets Protection
Misappropriation of Assets
Safeguarding Assurance

Requiring employees to periodically confirm their safeguarding responsibilities will not only reinforce IT security policies, but may also deter individuals from committing illegal acts and might identify problems before they become significant. Such confirmations should include statements that the individual understands the entity’s expectations, has complied with the conduct code, and is not aware of any conduct code violations other than those the individual lists in the response. Although individuals with low integrity and ethical values may not hesitate to sign a false confirmation, most people avoid written misrepresentations because the signed statement could be used as evidence in a proceeding that verifies the truthfulness of their assertions. Honest individuals, in contrast, are more likely to return an information security confirmation and disclose noncompliant behavior. As a result, confirmation response follow-up activities may reveal significant information assets protection issues.

View Part I of the Effective Employment Practices for Protecting IT series here
