Within your organization, there will be many different interactions with employees. You need to determine how to deal with these interactions and add your organization’s policies to the security plan. The driving force behind any security policy should be what an employee needs to know to perform his or her job effectively.
What privileges do particular employees need? What limitations should you place on these privileges? A major problem with trying to determine how employees will be able to access a database or application is the need to balance giving enough privilege to enable the employee to get the job done against the risk of allowing too much access to sensitive information. If a security plan becomes too rigid, employees may feel they are not trusted or may not be able to perform their jobs effectively.
Before an employee is ever hired, an employment application, resumé, or both, is usually submitted for consideration to a company. Many companies track their candidate submittals using computer programs that interact with a database. The information presented in a job application or resume is private and must be handled with care. Your security plan should include procedures for employment application and resumé handling.
Once an employee is hired for a position, the security plan should clearly state the steps to be followed for giving a new employee access to platforms and databases needed ...