10.5. Staff Background Checks

Personnel security policy covers a raft of matters that relate directly to your staff and their responsibilities and obligations within the company to protect information and promote information security in general. Quite a lot of this has already been covered in this chapter. This section discusses the recruitment process, where the practice of personnel security is first applied.

Background checks have become absolutely critical in the hiring process, and not only in areas where the candidate will have access to sensitive information. There are several reasons why background checks are conducted:

  • To confirm information given during the recruitment process. At the very least, this should confirm the identity of the candidate, qualifications held, and employment history.

  • Due diligence to prevent lawsuits that may arise as a result of hiring people who have misrepresented themselves.

Outside of public sector positions, where formal security clearance procedures may be applied (see the appendices), background checking is performed by the organization's own Human Resources department or (more likely) outsourced to a company that specializes in this kind of work. Background checks have to be cost-effective and completed quickly, so there is a lot that it will simply not be possible to find out. However, at a minimum, the following information should be validated:

  • Employment history – Pay particular attention to gaps in employment. ...
