New-Hire Onboarding and Information Security

New employees, full-time or non-employee contractors, present a number of risks in regards to information security. These risks can be mitigated with well-designed and thorough interview and onboarding processes. An organization’s human resources department must have guidelines in place for interviewers and hiring managers to follow to allow for high-risk potential candidates to be filtered out prior to hiring. The importance of information security as part of the hiring process is so important; the PCI Security Council has implemented a section in hits reference guide to maintain PCI compliance. PCI-DSS Section 12.7 states, “Screen employees prior to hire to minimize the risk of attacks from internal sources” (PCI Quick Reference Guide, 2009, p. 24).
Interviews, background checks, and in the case of non-employee contractors and some employment scenarios, employment contracts are all used to identify new employees and contractors that have minimal risks to information security. An organization’s information security department will work with human resources to develop the policies and guidelines that will assist in the hiring selection process.
The need for Information Security in Hiring
“People are often described as the weakest link in any security system” ("Human Resources Security (ISO 8) - Information Security Guide - Internet2 Wiki", n.d.). This quote sums up the importance of verifying a candidate’s risk level prior to hiring. An organization’s information assets are critical to the organization’s operation and security. In addition to validating a candidate’s legitimacy, the interviewers and hiring managers must be careful to not divulge too much information during the hiring process that may put the organization’s syst...

... middle of paper ...

...cess, information security must be continuously communicated to employees through standard communication channels as well as ongoing training. By using these tools, an organization can prevent the hire of potential threats to its information and physical assets.

Human Resources Security (ISO 8) - Information Security Guide - Internet2 Wiki. (n.d.). Retrieved April 10, 2014, from

Nixon, W. B., & Kerr, K. M. (2008). Background screening and investigations: Managing hiring risk from the HR and security perspectives. Amsterdam: Butterworth-Heinemann.

PCI quick reference guide. (2009). Retrieved from

Whitman, M. E., & Mattord, H. J. (2011). Principles of information security. Boston, Mass: Thomson Course Technology.

More about New-Hire Onboarding and Information Security

Get Access