CertiGuide to Security+  9  Chapter 5:  Operational/Organizational Security (Domain 5.0; 15%)       9  5.4  Policy and Procedures            9  5.4.1  Security Policy

5.4.1.8  Disposal / Destruction 1 5.4.1.9.1  Termination

To the typical IT person, the human resource department does not make a great deal of sense. In brief, the Human Resource department has a wide range of duties, and one area includes legal issues. There are so many governing bodies that must be complied with. To get an idea of the complexity go to the footnote⁴³⁶ and while at the web site, enter the word security in the search box and look at how many hundreds of different papers return from the system library.

The HR department creates the handbook that each employee gets with the policies defined. They must also insure that paperwork is in place acknowledging that the employee has read the book, and understands the provisions.

It may be part of your duties to help Human Resources understand the different technical issues. For example, Senior Management is encouraging the use of Instant Messaging. In this example a balancing act may need to be spelled out with you installing security software⁴³⁷ to protect against worm or viruses while the HR department includes polices instructing staff not to reveal sensitive information via Instant Messaging because data is sent in clear text (human readable form).

5.4.1.8  Disposal / Destruction 1 5.4.1.9.1  Termination