The incident response (IR) team in your company submitted an urgent human resource request for a security analyst. The job description of a security analyst requires at least five years of work experience and the CISSP certificate. Nawwar is an experienced network engineer with ten years of experience and the CISSP certificate. The head of the IR team proposed to hire Nawwar as soon as possible. As a security professional, which of the following suggestions will you make to the Human Resources department first?
A. Make a contingent offer of employment
B. Ask for drug testing
C. Hire a professional organization to do a criminal background check
D. Conduct a reference check
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. Conduct a reference check.
If the company is considering making a job offer to Nawwar, a background check will be conducted. However, drug tests and criminal records involve private data (PHI and PII), so they need Nawwar's consent. Some states in the United States require that a contingent offer be made before a criminal background check. Transferring private data to external organizations complicates the situation. Moreover, it's costly to hire a professional organization to do a criminal background check.
In terms of effectiveness, hiring risk, and costs, I will suggest conducting a reference check first, then making a contingent offer, conducting a criminal background check, and doing a drug test.