Access Control- Limiting access to a system

A.9. Access Control   To begin with “ if  you have no access control means you have no security at all.” Access control is one of the main building blocks of information security. It is to be designed as it is both secure enough and acceptable to users. The purpose of this document is to specify the rules for access to various systems, sensitive information and equipment facilities. Using an…

Human resource security – defining roles and responsibilities

A7. Human resource security   The   crucial   task   for HR department when it comes to information security is to be proactive rather than reactive. It is indecorous just to rely on your IT departments  to make sure staff are educated about data loss and how to prevent it. HR professionals has to ensure that  employees  comply  with  security policies. The purpose of this standard is to set rules that apply…