SECURITY CONSIDERATIONS FOR COMPUTER PERSONNEL Tom Richards Steve

  • Slides: 11
Download presentation
SECURITY CONSIDERATIONS FOR COMPUTER PERSONNEL Tom Richards, Steve Guynes and Wayne Spence April 12,

SECURITY CONSIDERATIONS FOR COMPUTER PERSONNEL Tom Richards, Steve Guynes and Wayne Spence April 12, 2010

Organization • • • Introduction Sources of Computer Crime Organizational Climate and Morale Communication

Organization • • • Introduction Sources of Computer Crime Organizational Climate and Morale Communication Job Satisfaction Job Rotation and Enlargement Employee Training Summary Conclusion 2

Introduction • Relationship between computer crime and employee management has not received the attention

Introduction • Relationship between computer crime and employee management has not received the attention it deserves. • “Employee management” is used in contrast to “Personnel management” • There is a direct relationship between the way employees who work with or have access to the computer are managed and the amount of computer crime occurring within a firm. 3

Sources of Computer Crime • Management should develop and maintain effective employee management practices

Sources of Computer Crime • Management should develop and maintain effective employee management practices that will discourage criminal activities • Management must become concerned not only with hiring of well trained, dependable personnel, but also ensure that these people remain individuals of integrity by treating them in a manner which promotes this desired behavior. • Good employee management policies can serve as preventative measures in reducing the risk of computer crime 4

Organizational Climate and Morale • Employee management strategies include – Management's increased awareness of

Organizational Climate and Morale • Employee management strategies include – Management's increased awareness of the prevailing climate and attitudes of its personnel – Improved communication between management and its employees – Maintenance of a good working environment in which there is little motivation to breach security system • Management can become aware of the climate within an organization by – – – Grapevine (Unofficial path of verbal communication) An open door policy that encourages feedback Observations of attitudes displayed by employees Establishment of close relations with the personnel department Staying alert to office politics. 5

Communication • By increasing interaction , both groups can better understand the needs of

Communication • By increasing interaction , both groups can better understand the needs of the other and thus develop "team spirit“ • It is extremely important that employees feel they are a valuable and contributing part in achieving the organizational and financial goals of their company. • Employee should be given a sense of belonging • While an employee might be hesitant to "inform" on fellow workers while directly interacting with them, an employee leaving the company might have a different attitude (Exit Interview) 6

Job Satisfaction • Are the needs which motivate personnel working with the computer different

Job Satisfaction • Are the needs which motivate personnel working with the computer different from those in other professions? • Survey suggests that DP personnel have a higher need for personal growth than the average • Points to five key factors 1. 2. 3. 4. 5. Development of a variety of skills Identity with work, Task significance, Autonomy Feedback. • Major complaints of these employees is related to the limited career paths offered to the technical specialist. 7

Job Rotation and Enlargement • Major motivating factors in the commission of crime by

Job Rotation and Enlargement • Major motivating factors in the commission of crime by computer is the challenge involved. • If an employee is challenged sufficiently by his or her job, he/she may feel less compelled to challenge the system • Job rotation : might be implemented by allowing a programmer to perhaps be an application programmer for a year, then a user consultant and then a systems analyst. • Job enlargement: refers to the concept of allowing a person to be responsible for several tasks as opposed to one at a time. • Undetected security breach may be compartmentalized to the duration of the job rotation cycle. 8

Employee Training • Management can show that they are concerned with employee development by

Employee Training • Management can show that they are concerned with employee development by encouraging them to participate in a number of advanced training opportunities. • In addition to gaining knowledge, it will help employees perceive that management is attempting to make their work more meaningful. • This will help to increase the worker's self esteem and sense of pride as well as increase employee morale. 9

Summary • Security and its relationship to computing personnel is a critical issue •

Summary • Security and its relationship to computing personnel is a critical issue • Management must provide an environment in which an otherwise honest person is not tempted to perform illegal acts. • Security measures : Predisposition, motive, and opportunity. – Person's predisposition cannot be guaranteed, one must identify those employees and situations which might lend themselves to the commission of an illegal act. – Effectively remove the motive – Deny the individual an opportunity to conduct illegal acts. 10

Conclusions • Thank you for your time • Questions and feedback are welcome 11

Conclusions • Thank you for your time • Questions and feedback are welcome 11