Documentation and Human Resources Management

  • Propose the draft of main information security documents – e.g., Information security policy, classification policy, access control policy, acceptable use of assets, risk assessment and risk treatment methodology, statement of applicability, risk treatment plan, etc.
  • Be responsible for reviewing and updating main documents
  • Perform background verification checks of job candidates
  • Prepare the training and awareness plan for information security
  • Perform continuous activities related to awareness raising
  • Performing induction training on security topics for new employees
  • Propose disciplinary actions against employees who performed the security breach

Source :