INTRODUCTION TO SECURITY AND PERSONNELWhen implementing information security, there are several human resource issues that should be addressed. They are• Positioning and naming• Staffing• By valuating impact of information security across the role in IT function• By integrating solid information security concepts into persons practicesEmployees feel threatened when organization is creating or enhancing overall information security program. Positioning and Staffing the Security FunctionSecurity function can be placed within the following:- IT function- Administrative services function- Insurance and risk management function-Physical security function- Legal departmentOrganizations balance requirements of enforcement with the requirement for education, training, awareness, and customer service.Staffing the Information Security FunctionSelecting personnel is based on several criteria, including supply and demand. Many professionals enter security market by gaining experience, skills, and credentials. Presently information security industry is in period of high demand. Credentials of Information Security ProfessionalsMany organizations seek recognizable certifications where most of the existing certifications are new and not fully understood by hiring organizations. Certifications include: TICSA; Security+; CISSP and SSCP; CISA and CISM; GIAC; SCP; IISFA’s Certified Information Forensics Investigator.Cost of Being CertifiedBetter certifications can be much expensive even experienced professionals find it difficult to take an exam without preparation. Many candidates teach themselves through trade press books; others prefer structure of formal training. Advice for Information Security ProfessionalsAlways keep in mind that business before technology. Technology offers elegant solutions for some problems, but increases difficulties for others. Never lose the sight of target: protection. Be heard and not seen. Be more skillful than you let on; know more than you say. Speak to users, not at them. Know that is education can never be completed. Separation of Duties and CollusionSeparation of duties --control used to reduce the chance of individual violating information security; stipulates completion of significant task requires at least two people. Figure given below depicts how to prevent collusion.Collusion – dishonest workers conspiring to commit unauthorized task.Two-man control – The two individuals review and approve work of each other before the task is categorized as finished.Job rotation – Employees know each others’ job skills.