Enlisting human resources to mitigate information security risks

The purpose of this paper is to suggest ways to integrate human resources (HR) and information security management (ISM) within a firm to help reduce expensive and embarrassing failures in information security breaches.,This paper is written for the practitioners. It includes a general review of literature in information technology and HR to help explain ways to decrease the chance of ISM failures.,Employees often become careless about information security in the workplace, and the threat to corporate information systems is serious. Although security training is essential, a more comprehensive approach to addressing the security issue is needed. As human factors account for most security breaches, including HR personnel as a partner with IT may help address some of the weaknesses that training alone cannot resolve.,This paper discusses the human factors that cause information technology breaches and how combining HR practices and ISM may generate a competitive advantage for the organization. This paper then offers practical suggestions that HR may use to help with ISM issues.