Q

Determining when an employee is a security risk

We are in the process of updating our organization's security policies and have found that we have no clear way of declaring an employee a security risk and no procedures for taking away system access privileges. Do we specify that a certain number of violations under our security policy determines that one is a security risk? Do we use personnel policy or some combination? It is not easy to terminate an employee in my organization....

What about the handling of an employee who has been declared a security risk, but has not yet been terminated?


You have discovered something that is lacking in many organizations. Unfortunately, there is no easy answer.

First off, not every violation of your policy is equally serious. Someone that is simply wasting time surfing the Web for personal business is probably violating your policy, but you wouldn't fire them for a first offense. However, someone that broke into your personnel files and got a copy of the salary list for the company and e-mailed it to all employees would probably be out the door in a hurry.

I would suggest that your policy simply state that violations of your security policies can result in discipline ranging from reprimand through termination. It is then up to management and the personnel department to handle, just like any other violation of non-computer company policy.

If someone has been declared a security risk, they should have all access suspended immediately.

As with all policies that affect personnel issues, you should consult with your General Counsel before implementing any new policy.


For more information on this topic, visit these other SearchSecurity.com resources:
Best Web Links: Security Policy & Infrastructure
News & Analysis: Destruction from the inside out
Executive Security Briefing: Employees -- Your best defense or your greatest vulnerability


This was first published in April 2001
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close