ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

Human Resources Strategy and Development Final Exam Study Guide

Updated on December 31, 2016

Final Exam Questions

1. How would you communicate a data security policy that required software checking of employees’ emails?
2. What elements should a data security policy for a bank include?
3. Employee data theft most frequently occurs with new employees or when an employee has given notice and is leaving. How would you deal with these two very different issues?

Case Study: Data Security

Communicating a Data Security Policy

If I was put in charge of communicating a data security policy that that required software checking of employees’ emails, the first thing I would do would be to make sure I fully understand the policy myself. I would be unable to effectively communicate the new policy to the employees if I did not fully understand it myself; if I had any questions about the policy I would speak to the human resources professional in charge of the policy for clarification. Once I had a full understanding of the policy I would set up employee meetings by department.

I would begin each meeting by discussing risk management; I would explain that risk management “involves responsibilities to consider physical, human, and financial factors to protect organizational and individual interests” and that the goal is to not only protect company information, but also employee information (Mathis, Jackson, & Valentine, 2014, p. 482). Once I ensured that the employees understood risk management I would then introduce the data security policy that utilizes software checking of employees’ emails. I would describe the policy completely and inform the employees that the policy is being put in place to prevent both company and personal data from being stolen or leaked. I would then open the floor to any questions the employees had on the new policy. Once all the questions had been answered I would pass out a form for all the employees to sign and date stating that they understood the policy and gave their consent to the company. To ensure that future employee meetings to discuss the policy are not required, I would add the policy to all future employment contracts.

Elements of a Bank’s Data Security Policy

When considering the elements needed for a data security plan for a bank, it is important to first understand what a data security policy is. A data security policy is defined as:

“A set of policies issued by an organization to ensure that all information technology users within the domain of the organization or its networks comply with rules and guidelines related to the security of the information stored digitally at any point in the network or within the organization's boundaries of authority”(Techopedia, n.d.).

Understanding that the data security policy is in fact not just one policy, but a set of policies, means that different policies can be written for the various areas of risk management. For instance, one policy should be written to allow the data security program to determine the vulnerabilities in the bank’s internal and external software. Another security policy should be created to deal with the vulnerabilities found in the bank’s internal security and another for the bank’s external security. A separate policy should be written to help reduce data security problems that come with human error; this policy would involve training the bank’s employees in computer security. The data security program should also include a data recovery program or a data backup that allows the bank to recover information or have access to uncorrupted data in the event of a virus or data corruption. Lastly, there need to be a policy that focuses on the risk management of the employees themselves; this policy would need to factor in the health, safety, and security of the bank’s employees in order to determine the risk factor of each employee. The employees with higher risk factors would require extra data security or monitoring based on the elements of their high risk level.

Employee Data Theft Solutions

Employee data theft most frequently occurs with new employees or when an employee has given notice and is leaving. These two issues, while very different, can be dealt with in a similar manner. A data security policy is “often considered to be a living document, meaning that the document is never finished, but is continuously updated as technology and employee requirements change” (TechTarget, n.d.). This means that the data security policy can be updated to factor in data theft from new employees as well as employees who are leaving the company or organization.

When dealing with new employees that data security policy would be updated to factor in a higher risk factor for the first six months of employment. This would mean that all new employees would be on a type of probation for the first six months where they would be monitored more closely than other employees. For the first six months the employees would also not be allowed to bring work materials home or burn any sort of data to a disk, flash drive, or any other type of storage without direct authorization from a human resources professional. After the six month period had passed each employees risk level would be reevaluated to determine if the employee’s extra monitoring could be stopped or if it was still needed due to an elevated risk level. All employment contracts would be written to include the fact that all employees agree to allow the employer to observe and monitor their data usage while at work; the contract would clearly outline the fact that employees could be fired for insider trading, industrial espionage, and/or sharing of confidential information.

Employees that had given their noticed, were being laid off, or fired, would present an increased risk level for data theft based off of their reason for leaving and where they were going. For instance, a pregnant woman or mother/father who was leaving to become a stay at home parent would not present as high a risk level as an employee that was leaving for a position at a rival company. Based on the risk level of the employee different security policies would need to be implemented to protect the company from data theft. In the same way that new employees receive an increased level of security monitoring during their first six months of employment so would the employees that were leaving for the remainder of their employment. This would mean that they would be unable to copy data or bring home documents without authorization and their computers would have an extra daily security sweep to look for viruses, computer tampering, and/or deletion of important data. If the employee did any of these actions without authorization, a full investigation would be performed with possible legal action depending on the findings of the investigation.


Mathis, R. L., Jackson, J. H., & Valentine, S. (2014). Human resource management (14th ed.).

Singapore: Cengage Learning Editores.

Techopedia. (n.d.). Information Security Policy. Retrieved from

TechTarget. (n.d.). Security Policy. Retrieved from


    0 of 8192 characters used
    Post Comment

    No comments yet.


    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at:

    Show Details
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the or domains, for performance and efficiency reasons. (Privacy Policy)
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)
    ClickscoThis is a data management platform studying reader behavior (Privacy Policy)