CISSP Address Personnel Safety and Security Concerns – Bk1D7T16St1St2

Address Personnel Safety and Security Concerns

As stated previously, health and human safety are the paramount concerns of any security program. This book has included a great deal of information on this topic, including several different aspects found in the preceding chapters. This section will address two specific safety elements not contained elsewhere: personnel security while traveling and the use of duress codes.

Travel

When an employee has to travel for work, the organization has an obligation to ensure their safety. This can include extra medical coverage, insurance, and having defined emergency procedures. Employees should be aware of the risks associated with where they are going, and should have both local emergency contact information and a means to contact the organization. Employees should be booked with a reputable travel agency and into facilities that are known to practice appropriate security. Employees should be warned about visiting public areas or being in the vicinity of demonstrations or unrest. Registering with the consulate or embassy of the employee’s country of citizenship can assist in the event of problems.

In some cases, the employee should be provided a security escort or host who can look after the employee and assist when required. Regular contact should be maintained, and the employee should register their itinerary with their employer prior to departure. When driving in a foreign country, it may be advisable to hire the services of a local driver or guide.

Duress

When an employee is under duress, they may be forced to do something that they do not want to do. For example, when a person is a victim of a robbery, they are under duress and must cooperate with the thief or risk injury. Employees should be trained in how to handle a stressful situation and what to do when under duress. This may include having code words to alert others in the vicinity to a dangerous situation. When forced to open a combination (on a vault, for example), the employee may enter a duress code that would open the vault but still signal that the employee is being threatened and under duress.

Employees in high-security/risk roles and those traveling away from the workplace should also be trained in the use of verbal duress codes to covertly communicate when they are being threatened or acting against their will. Employees in contact with these personnel should be trained to recognize duress codes and the appropriate process for reporting receipt of a duress signal. Duress codes should typically be something easy to remember, not common in normal speech, but not so discordant as to immediately be recognized by antagonists when the code is transmitted. Duress codes should be changed at regular intervals, but older duress codes that are no longer current should also be treated as suitable for communicating emergencies, in the event an employee has forgotten the current code while in a stressful situation.
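The vault duress code and the rule that retired duress codes remain valid can be modeled in a keypad controller. The following is an added example, not part of the original text; the class name, the alarm list standing in for a monitored alarm channel, and the sample codes are all assumptions made for illustration.

```python
import hashlib
import hmac
import os


class VaultKeypad:
    """Keypad controller with one access code and rotating duress codes."""

    def __init__(self):
        self.salt = os.urandom(16)
        self.access = b""
        self.duress = []          # digests of current AND retired duress codes
        self.silent_alarms = []   # stand-in for a monitored alarm channel

    def _digest(self, code):
        # Salted, slow hash: the controller never stores codes in the clear.
        return hashlib.pbkdf2_hmac("sha256", code.encode(), self.salt, 50_000)

    def set_access_code(self, code):
        self.access = self._digest(code)

    def rotate_duress_code(self, code):
        d = self._digest(code)
        if hmac.compare_digest(d, self.access):
            raise ValueError("duress code must differ from the access code")
        # Retired codes stay valid as duress signals; they are never deleted.
        self.duress.insert(0, d)

    def enter(self, user, code):
        """Return True if the vault opens. The result is identical for access
        and duress codes, so nothing at the keypad reveals the alarm."""
        d = self._digest(code)
        is_access = hmac.compare_digest(d, self.access)
        is_duress = False
        for stored in self.duress:   # no early exit: check every stored code
            is_duress |= hmac.compare_digest(d, stored)
        if is_duress:
            self.silent_alarms.append(user)
        return is_access or is_duress


if __name__ == "__main__":
    kp = VaultKeypad()
    kp.set_access_code("4821")       # constructed sample codes
    kp.rotate_duress_code("4822")
    kp.rotate_duress_code("7731")    # "4822" is now retired
    print(kp.enter("alice", "4822"), kp.silent_alarms)
```

The only difference between a normal entry and a duress entry is the record on the alarm channel, which is what staff receiving the signal act on.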


When an employee has been subject to duress, the organization should provide sufficient and specific support to the employee and allow them time to recover.

Summary

The security practitioner is heavily involved in the organization’s business processes and functions, in almost all areas. As security always has some deleterious effect on operations, these trade-offs of cost/benefit must always be considered, negotiated among the business units, and finally decided by management. The security officer must understand the business needs of the organization, as well as the comprehensive topics across all disciplines of the security field.
