Scribd Logo
Carica

Benvenuto in Scribd!

  • Human Resource Information System

    Caricato da

    mohammed salman
    17 visualizzazioni18 pagine

    Titolo originale

    HR_Module5

    Copyright

    © © All Rights Reserved

    Formati disponibili

    PPTX, PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento

    Copyright:

    © All Rights Reserved
    Scarica in formato PPTX, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    17 visualizzazioni18 pagine

    Human Resource Information System

    Caricato da

    mohammed salman

    Copyright:

    © All Rights Reserved
    Scarica in formato PPTX, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 18

    Human Resource Information System

    Module 5
    Part 1

    1
    Information privacy and security in
    HRIS
    Information security and privacy are particularly important
    issues for HRIS because it includes a great deal of confidential
    data about employees such as bank account data, salaries,
    performance evaluations, etc.

    2
    Information privacy and security in
    HRIS
    Thirty years ago, the security of information was mainly
    considered as the security of the physical location and the
    access was easily restricted through physical access and
    passwords. But from 1990 onwards, computer networks
    became more common and the threats to information
    security became more involved due to the presence of
    enterprise wide systems.

    3
    Information privacy and security in
    HRIS
    The major concerns about the privacy of employee data are:
    •Unauthorized access to information
    •Unauthorized disclosure of information
    •Data accuracy issues
    •Stigmatization of individuals

    4
    Unauthorized access to information
    Since HRIS holds important information about the employee,
    the unauthorized access will lead to theft of personal
    information and other confidential information such as bank
    account details.
    As per various studies, several companies store medical and
    prescription drug information about employees. The
    information may be released to insurance companies and
    future employers.

    5
    Unauthorized disclosure of information
    Another concern is about the unauthorized disclosure of
    information about the employees to others. According to
    research, several employers disclose employment/employee
    data to creditors, charitable organizations, etc. Some
    organizations sell data to recruiting websites. The use of HRIS
    make it much easier to disseminate employee information,
    especially in private sector organizations. This may result in
    negative outcomes for employees if data collected for one
    purpose are used for other purposes.

    6
    Data accuracy problems
    Employees are also troubled about data accuracy because HRIS
    may contain inaccurate or outdated information about them.
    Individuals are often unaware that data in these systems are
    inaccurate, and many organizations do not give them the
    opportunity to review or correct data stored in HRIS.
    The storage and use of inaccurate data in an HRIS may have a
    negative effect on both organizations and individuals. For
    example, the inaccurate data on the systems may lead to
    erroneous decision regarding the promotion of a highly
    qualified person.
    7
    Stigmatization Problems
    Employees are often uneasy about the use of HRISs especially
    when they feel that networked data may lead to them to be
    stigmatized in the employment process. For example, an
    employee who had a below average performance ratings very
    early in his/her career may have difficulty with these data. It
    may negatively affect subsequent decisions about him or her.
    As a result, the employee’s advancement and career
    development opportunities may be negatively affected by
    data that have no bearing on his or her present-day job
    performance.
    8
    Information security
    Information security has been defined as the protection
    afforded to an automated information system in order to
    attain the applicable objectives of preserving the
    confidentiality, integrity and availability of information system
    resources.

    9
    Information security
    The National Security Telecommunications and Information
    Systems Security Committee (NSTISSC) security model, also
    known as the McCumber Cube provides a more detailed
    perspective on security. It provides a graphical
    representation of the architectural approach widely used in
    information security.

    10
    Information security

    11
    McCumber cube – the three dimensions
    and their attributes
    1. Desired information goals
    2. State of information
    3. countermeasures

    12
    McCumber cube – the three dimensions
    and their attributes
    1. Desired information goals
    1. Confidentiality assures that private data is kept safe from
    unauthorized individuals
    2. Integrity assures that data and programs are created and
    modified in a specified and authorized manner.
    3. Availability assures that systems work and service is provided
    promptly to those who are authorized to use them.

    13
    McCumber cube – the three dimensions
    and their attributes
    2. State of information
    • Storage is an inactive state of data that is waiting to be
    accessed.
    • Processing is a state in which data is being actively
    examined or modified
    • Transmission is a state in which data is moving.

    14
    McCumber cube – the three dimensions
    and their attributes
    3. Countermeasures – identify mechanism that can be used
    to protect data
    • Technology is the use of hardware and softare to limit
    threats to data
    • Policy and practices is the use of procedures that mitigate
    risk or eliminate the possibility of threats
    • Human factors revolve around giving each consumer of
    data the knowledge of how to identify and handle threats

    15
    Security Threat – sources
    1. Human error – when an HRIS is not well-designed,
    developed and maintained and employees are not
    adequately trained, there is a high potential threat of
    security breaches.
    2. Disgruntled employees an ex-employees – the information
    may be damaged by disgruntled employees. This is
    commonly referred to as an insider threat. Employees and
    ex-employees are dangerous since they have extensive
    knowledge of systems and have the credentials needed to
    access sensitive parts of systems.
    16
    Security Threat – sources
    3. Other internal attackers
    Many businesses hire contract workers, who work for the organization
    for a short period. Contract workers usually gain temporary access
    to various critical areas of an organization. This creates risks almost
    identical to those created by employees.
    4. External hackers
    Another significant threat is the penetration of organizational computer
    systems by hackers. Such attacks known as intrusion is dangerous
    because, once the hacker has successfully bypassed the network
    security, he/she will be free to damage, manipulate or steal data.
    17
    Security Threat – sources
    5. Natural disasters
    Natural disasters like floods, earthquakes, fires, etc. may
    destroy or disrupt computing facilities and information
    flow.

    18

    Potrebbero piacerti anche