Chapter 26 Human Resources Security

Domenic Antonucci, Editor and Chief Risk Officer, Australia

Grace, the head of human relations, is in CEO Tom’s office for the last time before Tom is to present to the board. Tom said, “Well, Grace, I’ve heard nearly everyone mention something that also seemed to involve your HR function. Can you just spell out the basic capabilities for human resources security that you are responsible for in HR?”

If people are said to be the weakest links in any security system, then the HR function and its processes have a role to play. As the needs of organizations and their HR functions of varying size and maturity may differ, let us summarize in this chapter recommended capabilities expected of lower-, mid-, and higher-maturity HR functions. For more detail on what constitutes the HR function’s process maturity, refer to the SEI capability maturity model approach.1

Needs of Lower-Maturity HR Functions

Some HR functions are small or at lower levels of HR process capability maturity. Here, managers take basic and possibly some managed levels of responsibility for managing and developing their people within the cybersecurity and enterprise functions. No matter how small or immature, there is no excuse for not communicating to staff minimum protocols or a standard for HR cybersecurity.

An Example Human Resource Security Standard

For heads of HR in a hurry, the City University of Hong Kong Human Resource Security Standard is a public domain document ...
