The security of information systems is crucial to the performance of each and every company or organization. It is, therefore, the responsibility of each and every employee to ensure that the laid down procedures for protection and safety of the systems are adhered to with utmost care. Information systems security measures are implemented to ensure that both the integrity, confidentiality, authenticity, and availability of the data stored in the system is not compromised. A balanced approach is used to ensure that administrative, operational as well as personnel controls are implemented equally. The nature of the information secured determines the level of security imposed.
Human safeguards for employees are meant to control their behavior in relation to access and use of information in a system. Through identification and authentication management, employees would be restricted on the modalities of accessing and using the system.
Each employee in an organization is assigned a unique password used to enter the system. The identity should not be used by multiple employees since audit measures are put in place and every employee is accountable for their individual actions.
Identities require authenticators such as passwords, biometrics, and smart cards at logon or accessing the system. However, the level of “threats” might determine the usage of these authenticators. High-risk workstations or LANs might require an employee to have additional access rights and/or clearance in order to access. Employees with lower clearance might require personnel escort within such areas.
Password protection safeguards against unauthorized access. No employee passwords should be written down on notebooks. Default passwords should be changed immediately upon the creation of accounts. Passwords should also be created using alpha-numeric digits more than eight in number with different case styles. Employee passwords should be regularly changed and where passwords are being echoed such as in half-duplex connections, overprint masks are used before the passwords are entered to conceal it. Safeguards are established to detect and safeguard the unauthorized access or use of media to alter or introduce changes to the information systems.
In summary, human information security measures are meant to control the access privileges of humans while accessing the system. Electronic storage devices should be monitored by the chief security officer to ensure that unauthorized information is not passed to unauthorized persons. Likewise, human-readable output classified as high-security information should be reviewed before release. Electronic files released out of the security boundary should be cleared. Generally, the manner in which humans utilize the information system is a matter of concern and sufficient controls should be established.