Discuss some human safeguards for employees that can ensure the security of information systems

What will be an ideal response?

---

Human safeguards involve the people and procedure components of information systems. In general, human safeguards result when authorized users follow appropriate procedures for system use and recovery. Restricting access to authorized users requires effective authentication methods and careful user account management. In addition, appropriate security procedures must be designed as part of every information system, and users should be trained on the importance and use of those procedures.
The various human safeguards for employees are:
Position Definitions—It is impossible to have effective human safeguards unless job tasks and responsibilities are clearly defined for each employee position. In general, job descriptions should provide a separation of duties and authorities.
Hiring and Screening—Security considerations should be part of the hiring process. When hiring for high-sensitivity positions, extensive interviews, references, and background investigations are appropriate.
Dissemination and Enforcement—Employees need to be trained on security policies, procedures, and the responsibilities they will have. Employee security training begins during new-employee training, with the explanation of general security policies and procedures. That general training must be amplified in accordance with the position's sensitivity and responsibilities.
Termination—Companies also must establish security policies and procedures for the termination of employees. Standard human resources policies should ensure that system administrators receive notification in advance of the employee's last day, so that they can remove accounts and passwords. Procedures for recovering keys for encrypted data and any other security assets must be part of the employee's out-processing.