Welcome » IT Booklets » Information Security » Security Controls Implementation » Personnel Security » Job Descriptions
Job descriptions, employment agreements, and policy awareness
acknowledgements increase accountability for security.
Management can communicate general and specific security roles and
responsibilities for all employees within their job
descriptions. Management should expect all employees,
officers, and contractors to comply with security and
acceptable-use policies and protect the institution's assets,
including information. The job descriptions for security
personnel should describe the systems and processes they will
protect and the control processes for which they are
responsible. Management can take similar steps to ensure
contractors and consultants understand their security
responsibilities as well.