Define what constitutes effective operations.
With respect to each IA 2 view and the IA core principles
Define what constitutes secure operations.
Process (IA 2 Process view)
Business process.
Align information security with business processes.
Policies
Standards
Procedures
Reflect external compliance requirements including legislation (e.g.,
HIPAA) and regulation (e.g., SEC).
Support mission integrity.
Disseminate policies, standards, and procedures to employees.
Track breadth and effectiveness of dissemination.
Ensure the message reaches the appropriate audience.
Ensure the audience understands the message and complies.
Assets (IA 2 views for systems and applications, data and information, and
infrastructure)
Physical assets
Virtual assets
Intellectual property
Patents, trademarks, copyrights, proprietary
The following sections provide examples of employment practices as part of the
IA 2 people view and compliance management as part of the IA 2 policy view.
5.5.1 Employment Practices and Policies
The IA 2 Process evaluates the existence and adequacy of employment practices and
policies from the following perspectives:
Due diligence requirements
Perform background checks.
Special care in hiring workers dealing with the public.
Identify and isolate/terminate problem employees immediately.
Corporate liability
Respondeat superior: an employer is legally liable for employee actions if the
employee is acting under the course and scope of employment.
Careless hiring and retention.
Employer Liability for an Employee's Bad Acts, Nolo (www.nolo.com; last accessed July 2007).
 