Whenever an employee leaves a company, he or she can take the company's intelligence, knowledge,
or secret information along. For this reason, some companies decide to have an employee
do nothing for a certain period of time while not letting him leave the company.
When deciding to fire him, a company simply waits for some time and keeps the employee in
the company. This is done so that the company's knowledge does not leak to another
company. This is called intellectual property; when leaving one company for another,
he can take the knowledge with him to make the other company better or use this
knowledge for the betterment of ...
Employees may perceive the program to be a manifestation of a Big Brother attitude, and might
have questions such as:
Why is management monitoring my work or my e-mail?
Will information security staff go through my hard drive looking for evidence to investigate
what I am doing?
How can I do my job well now that I have to deal with the added delays of the information
Resolving these sorts of doubts and reassuring employees about the role of information security
programs are fundamental objectives of the implementation process, as risk is involved here.
Thus, it is important to gather employee feedback early and respond to it quickly.
How to avoid this:
This study explores the issues involved in positioning the information security unit within
the organization as well as in staffing the information security function. It also discusses how
to manage the many personnel challenges that arise across the organization and demonstrates
why these challenges can (and should) be considered part of the organization’s overall
information security program.
There are several valid choices for positioning the information security department within an
organization. The model commonly used by large organizations places the information security
department within the information technology department and usually designates as its
head the CISO (or CSO, Chief Security Officer), who reports directly to the company’s top
computing executive, or CIO. Such a structure implies that the goals and objectives of the
CISO and CIO are aligned. This is not always the case, however. By its very nature, an
information security program can, at times, be at odds with the goals and objectives of the
information technology department as a whole. The CIO, as the executive in charge of the
strives to create efficiency in the processing and accessing of the organization’s information,
and thus, anything that limits access or slows information processing can impede the CIO’s
mission for the entire organization. The CISO’s function is more like that of an internal auditor
in that the CISO must direct the information security department to examine existing systems in
order to discover information security faults and flaws in technology, software, and employees’
activities and processes. These examinations can disrupt the processing and accessing of an
organization’s information. Because the addition of multiple layers of security inevitably slows
the data users’ access to information, information security may be viewed as a hindrance to the
organization’s operations. A good information security program maintains a careful balance
between access and security.
organizations has been to separate their information security function from their IT division.
Once an information security function’s organizational...