• IS security
  • Personal Data Protection Security Project
  • Security Project for Technical Device Designed for Work with Classified Information
  • Risk Analysis and CRAMM Risk Analysis
  • Personal Security
  • Business Continuity Management - BCM
  • Business Impact Analysis - BIA
  • Network Security
  • Protection Against Malicious Code
  • Security Incident Monitoring and Management
  • Access Control
  • Security Policy Enforcement
  • Security Control Documents
  • Effective Use of the Internet
  • Protection of technical means against unwanted electromagnetic radiation using TEMPEST filters
• Technical and object security
• IT solutions
• SW solutions

Personal Security

IS-related threats from the organization’s own or third-party employees exist in every organization. The weakest link of any security structure is man himself, which makes it necessary to pay increased attention to this area.

The personal security field is therefore focused on the following activities:

• hiring of employees
• employees’ activities during their employment
  • employee evaluation
  • educational and training process
  • solving of problems associated with threats to employees
• employment termination

Whenever employees are hired in an organization, it is common to verify their acquired education level, necessary qualifications as well as professional prerequisites for the performance of the new position. Other important factors to be considered in this respect are reliability, moral integrity and honesty. These qualities indirectly reduce the risk of a potential abuse of the hiring organization’s sources as well as risk of theft or fraud.

In relation to employment relationship, it is inevitable to determine duties, rights and responsibilities for each employee. Along with such requirements, it is also necessary to define possible sanctions. In the course of employment, regular evaluation of employees gives rise to opportunities intended to prevent dissatisfaction that could lead to the infliction of damage.

Equally important is also providing for regular employee training of employees, which is to be carried out not only to increase their qualifications but also to shape their security awareness, as employees may become targets of attacks or duress from criminal elements. Elimination of such incidents requires development and adoption of unambiguous procedures allowing minimization of impacts associated with potential blackmailing or duress exerted on the organization’s employees.

Employment termination is significant from the perspective of cancellation of the employee’s existing access rights to all sources and assets in the organization. Employees having access to sensitive information must be briefed respectively, and must pledge themselves to maintain secrecy following the employment termination for a pre-defined period of time.

 Third-party employees who acquired access to sensitive information during the performance of their activities pose a significant threat to an organization. In such cases, it is also necessary to adopt measures (as if they were the organization’s own employees). Such measures must be defined by way of a contractual relationship to provide for checking and also sanctioning, if necessary.