Introduction
Importance of Personnel Security
Personnel security is part of a three pillar security system which is also defined by information security and physical security. Personnel security mainly encompasses the security of employees or third parties who may come to a place of business either for work or visitation (DIANE Publishing, 2005, p. 93).
The importance of personnel security is unparalleled because the success of many businesses today largely depends on the security of their systems.
Therefore, it is important to uphold personnel security to safeguard the reputation of a business, especially if the business depends on the integrity of its employees.
Overall, having a sound personnel security system is a ‘plus’ for any organization and organizations which have achieved this stature are likely to be perceived favorably by third parties.
Personnel security is also important to businesses because the ethical outlook of new employees maybe initially unknown and therefore, it is important to safeguard the interest of the company against rogue employees.
Indeed, new employees may have access to vital, confidential and sensitive information thereby increasing the risk profile of the organizations they work for (DIANE Publishing, 2005, p. 93).
For example, if unscrupulous employees get hold of vital company information and releases it to the public, the company may suffer a severe dent of reputation and possibly a loss of funds.
Similarly, an employee who secures a job with a competitor may reveal some of the secrets forming the foundation of a company’s success (to the competitor), thereby weakening the company’s success prospects.
From these inherent risks, it is therefore crucial to ensure personnel security in the organization.
Role of Security in Personnel Practices
As mentioned in earlier sections of this paper, personnel practices are often integral to the success of any business. In this regard, it is important to ensure that an organization gets the right employees.
Getting the right employees is however subject to crucial vetting processes like interviews and background checks
Personnel Security Examples: Interviews
Conducting Interviews is an important personnel security process because it enables an organization to scrutinize its employees.
Scrutiny may involve different aspects of a person’s conduct, including what he/she thinks, believes and values (Henderson, 2007).
For example, it is possible to know when a prospective employee is lying or telling the truth about a specific question and depending on whether the truth or lie is told, the interviewer gets to know something about the person.
Through interviews, it is therefore possible for interviewers to evaluate whether a person may pose future security concerns or not.
Personnel Security Examples: Background Checks
Background checks have become an important security requirement today (especially when an employee is considered for a sensitive job) (Henderson, 2007).
Usually, this type of security procedure includes probing an employees’ criminal record, financial wellness and credit score. For safety and security purposes, background checks are used as a tool to evaluate the character, fitness and qualifications of an employee to oversee a sensitive area of operation.
Background checks have mainly been used in government offices to determine an employee’s security clearance (Henderson, 2007).
Employee Agreements
Every employer is often encouraged to draft an employee agreement contract to prevent future disputes. However, in the field of personnel security, employee agreements act as a guideline for undertaking security operations (Henderson, 2007).
Employee agreements may stipulate the actions and rules of governance to be followed in case of any security breach, but more importantly, it acts as a deterrent for employees to breach the security agreement it shares with the company.
Such employee agreements present valid actions (like termination or prosecution) whenever a breach occurs.
Personnel Security Training
Personnel security training is important in the preparation of employees and businesses to evaluate security risks and manage them accordingly.
Several methodologies are used in training but most of them revolve around the concepts of security awareness, influencing behavior, and consequences of violations
Importance of Security Awareness
Security awareness is important because of three reasons. The first reason is to increase the compliance rate with existing security laws and regulations (Kane, 1999).
Companies today are bound to comply with security regulations as a requirement for their certification; failure to do so may result in the closure of business, or a similar repercussion.
Having a high rate of security awareness in the organization increases the level of security compliance. Secondly, high security awareness is important in reducing unpredictable costs such as litigation costs (and the likes) (Kane, 1999).
Furthermore, having high security awareness in the organization gives companies a competitive advantage over other companies that do not share the same level of security awareness.
Influencing behavior
Influencing behavior is a common tool used in personnel security training because employees are often persuaded to change their attitudes and behaviors to comply with the ultimate goal of upholding a high security profile for the organization.
Several sub-tools may be used in this methodology but the most common is persuasive technology (Sennewald, 2011). Through persuasive technology, employees are encouraged to change their behavior to support safe and secure behavior.
Consequences of Violations
In any training program, there needs to be rules and regulations governing the process, where the respondents are taught the guidelines of operations and the consequences of violations.
Personnel security training is no exception. While specifying the consequences of violations, employees are taught the repercussions of non-compliance. This measure encourages employees to follow security regulations and policies (Sennewald, 2011).
Incident Reporting Program
An incident reporting program is a framework where employees are able to launch security issues to the relevant authorities. On one end of this program is the management (usually through the information technology manager) and the other end is the employees.
However, some systems allow third parties to participate in the incident reporting program as part of a wider ploy to increase the scope of the framework.
Importance of Incident Reporting Program
An incident reporting program is vital for the upheaval of a sound security system. Its importance is mainly demonstrated by its ability to increase the detection and response to security threats within the organization.
Bauer and Harteis (2012) explain that it is important for an organization to have an incident reporting program to improve its response to security breaches and most importantly, to prevent the occurrence of severe security breaches (or the occurrence of a similar event in the future).
Incident Reporting Training
Albeit organizations need to establish an effective incident reporting program, the employees (or other stakeholders in the organization) need to be taught their role in the entire program.
This occurs through incident reporting training. In the program, employees are taught what type of incidents to report, how they should report such incidents and when they need to do so (Bauer and Harteis, 2012).
The program also articulates when investigations need to be undertaken and who should conduct such investigations.
Comprehensively, the incident reporting program familiarizes the staff with the knowledge, tools and techniques of how to manage security issues.
Testing the Procedures
Testing the procedures for the incident reporting program is an important undertaking because it ensures that the efficiency of the entire incident reporting process is guaranteed.
More importantly, it ensures that the structures and mechanisms of the program work and fulfill the initial objectives of the program.
In addition, testing the procedures is also another way to ensure that all the stakeholders in the program know their roles and understand what to do.
Ideally, the procedures should be tailored to ensure all the structures of the incident reporting program work well (Bauer and Harteis, 2012).
Conclusion
The importance of personnel security should not be underplayed at any point in the development of a company’s security systems. People are by far the biggest threat to security and therefore, it is important to have a working personnel security policy.
The preliminary phase of guaranteeing personnel security is carrying out interviews, background checks, and developing employee agreements. These tools are vital to minimizing the probability of personnel security breaches in the organization.
Sequentially, the employees should be subjected through a thorough training program that ensures they fully understand what is expected of them.
Finally, as an implementation tool, a company should establish an incident reporting program to improve its responsiveness to security threats. Comprehensively, these measures will guarantee personnel security in the organization.
References
Bauer, J & Harteis, C. (2012). Human Fallibility: The Ambiguity of Errors for Work and Learning. New York: Springer.
DIANE Publishing. (2005). Report of Investigation: The Aldrich Ames Espionage Case. New York: DIANE Publishing.
Henderson, W. (2007). Security Clearance Manual: How to Reduce the Time It Takes to Get Your Government Clearance. Washington: Last Post Publishing.
Kane, P. (1999). Practical Security Training. Sydney: Elsevier.
Sennewald, C. (2011). Effective Security Management. Sydney: Elsevier.