Q

Determining when an employee is a security risk

We are in the process of updating our organization's security policies and have found that we have no clear way...

of declaring an employee a security risk and no procedures for taking away system access privileges. Do we specify that a certain number of violations under our security policy determines that one is a security risk? Do we use personnel policy or some combination? It is not easy to terminate an employee in my organization. What about the handling of an employee who has been declared a security risk, but has not yet been terminated?


You have discovered something that is lacking in many organizations. Unfortunately, there is no easy answer.

First off, not every violation of your policy is equally serious. Someone that is simply wasting time surfing the Web for personal business is probably violating your policy, but you wouldn't fire them for a first offense. However, someone that broke into your personnel files and got a copy of the salary list for the company and e-mailed it to all employees would probably be out the door in a hurry.

I would suggest that your policy simply state that violations of your security policies can result in discipline ranging from reprimand through termination. It is then up to management and the personnel department to handle, just like any other violation of non-computer company policy.

If someone has been declared a security risk, they should have all access suspended immediately.

As with all policies that affect personnel issues, you should consult with your General Counsel before implementing any new policy.


For more information on this topic, visit these other SearchSecurity.com resources:
Best Web Links: Security Policy & Infrastructure
News & Analysis: Destruction from the inside out
Executive Security Briefing: Employees -- Your best defense or your greatest vulnerability


This was last published in April 2001

Dig Deeper on Security Awareness Training and Internal Threats-Information

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close