Page 147 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

                  enforcing an NCA in court is often a difficult battle. The court
                  recognizes the need for a worker to be able to work using the skills
                  and knowledge they have in order to provide for themselves and
                  their families. If the NCA would prevent a person from earning a
                  reasonable income, the courts often invalidate the NCA or prevent
                  its consequences from being realized.

                  Even if an NCA is not always enforceable in court, however, that
                  does not mean it doesn’t have benefits to the original company,
                  such as the following:
                      The threat of a lawsuit because of NCA violations is often
                      sufficient incentive to prevent a worker from violating the
                      terms of secrecy when they seek employment with a new
                      company.

                      If a worker does violate the terms of the NCA, then even
                      without specifically defined consequences being levied by court
                      restrictions, the time and effort, not to mention the cost, of
                      battling the issue in court is a deterrent.

                  Did you sign an NCA when you were hired? If so, do you know the
                  terms and the potential consequences if you break that NCA?



               Throughout the employment lifetime of personnel, managers should
               regularly audit the job descriptions, work tasks, privileges, and
               responsibilities for every staff member. It is common for work tasks
               and privileges to drift over time. This can cause some tasks to be
               overlooked and others to be performed multiple times. Drifting or
               privilege creep can also result in security violations. Regularly
               reviewing the boundaries of each job description in relation to what is
               actually occurring aids in keeping security violations to a minimum.

               A key part of this review process is enforcing mandatory vacations. In
               many secured environments, mandatory vacations of one to two weeks
               are used to audit and verify the work tasks and privileges of
               employees. The vacation removes the employee from the work
               environment and places a different worker in their position, which
               makes it easier to detect abuse, fraud, or negligence on the part of the
               original employee.