Proposed Control Procedure to Mitigate the Risks of Strategic Information Outflow in the Recruitment Process

  • Kashif Syed
  • Pavol Zavarsky
  • Dale Lindskog
  • Ron Ruhl
  • Shaun Aghili
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7449)


This research paper focuses on the security of strategic information during the hiring process.  Information control and communication channel vulnerabilities are identified through the process-based risk assessment and human factor analysis. A control procedure is proposed to address these security concerns through system design and information flow improvements in the recruitment process. This proposed control procedure can also serve as a base model for different human resource functions to integrate and create uniformity in risk mitigation to maximize and streamline the management’s efforts and resources in managing the information related risks in different human resource processes.


Recruitment Strategic information Risk assessment Human factor analysis 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Khanmohammadi, K., Houmb, S.H.: Business Process-based Information Security Risk Assessment. In: 4th International Conference on Network and System Security (2010),
  2. 2.
    Shappell, S.A.: The Human Factors Analysis and Classification System (HFACS), National Technical Information Service, Springfield, Virginia (2000),
  3. 3.
    NIST SP 800-53 Rev.3 Recommended Security Controls for Federal Information Systems and Organizations (2009),
  4. 4.
    FIPS PUB 199 Standards for Security Categorization of Federal Information and Information Systems (2004)Google Scholar
  5. 5.
    Solms, B.V.: Corporate Governance and Information Security. Computer and Security 20, 215–218 (2001)CrossRefGoogle Scholar
  6. 6.
    NIST SP 800-53A Rev.1 Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans,
  7. 7.
    An Introduction to the Business Model for Information Security. Information Systems Audit and Control Association, ISACA (2009),
  8. 8.
    Catano, V.M., et al.: Recruitment and Selection in Canada, 3rd edn., Toronto, Canada, pp. 3–11. Thomson Nelson (2005)Google Scholar
  9. 9.
    Flouris, T., Yilmaz, K.A.: The risk management framework to strategic human resource management. International Research Journal of Finance and Economics 36 (2010),
  10. 10.
    Rezende, R.V., Carvalho, C.S.: Selection of executives through in-house recruitment. In: Engineering Management Conference, Sao Paolo, pp. 356–359 (1994)Google Scholar
  11. 11.
    Dafoulas, G.A., Nikolau, A., Turega, M.: E-Service in the internet job market. In: 36th Hawaii International Conference on System Sciences (2003),
  12. 12.
    Ruskova, N.: Decision Support System for Human Resource Appraisal and Selection. In: 1st International IEEE Symposium on Intelligent Systems, vol. 1, pp. 354–357 (2002)Google Scholar
  13. 13.
    Dart, D.: What Are the Real Costs of a Bad Hire? Ezine Articles,
  14. 14.
    Yager, F.: Costs of Hiring the Wrong Person Go beyond the Financial. eFinancialCareers (2011),
  15. 15.
    Bardin, J.: The Brave New World of InfoSec, Moving to a Risk-Based Organization – NIST 800-37 Revision 1 (2010),
  16. 16.
    Barner, R.: Talent Wars in the Executive Suite. The Futurist 34(3), 35 (2000), Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Kashif Syed
    • 1
  • Pavol Zavarsky
    • 2
  • Dale Lindskog
    • 2
  • Ron Ruhl
    • 2
  • Shaun Aghili
    • 2
  1. 1.Risk and Compliance DepartmentRegional Municipality of Wood BuffaloFort McMurrayCanada
  2. 2.Information Systems Security ManagementConcordia University College of AlbertaEdmontonCanada

Personalised recommendations