Ask the Expert

Determining when an employee is a security risk

We are in the process of updating our organization's security policies and have found that we have no clear way of declaring an employee a security risk and no procedures for taking away system access privileges. Do we specify that a certain number of violations under our security policy determines that one is a security risk? Do we use personnel policy or some combination? It is not easy to terminate an employee in my organization. What about the handling of an employee who has been declared a security risk, but has not yet been terminated?


    Requires Free Membership to View

have discovered something that is lacking in many organizations. Unfortunately, there is no easy answer.

First off, not every violation of your policy is equally serious. Someone that is simply wasting time surfing the Web for personal business is probably violating your policy, but you wouldn't fire them for a first offense. However, someone that broke into your personnel files and got a copy of the salary list for the company and e-mailed it to all employees would probably be out the door in a hurry.

I would suggest that your policy simply state that violations of your security policies can result in discipline ranging from reprimand through termination. It is then up to management and the personnel department to handle, just like any other violation of non-computer company policy.

If someone has been declared a security risk, they should have all access suspended immediately.

As with all policies that affect personnel issues, you should consult with your General Counsel before implementing any new policy.

For more information on this topic, visit these other resources:
Best Web Links: Security Policy & Infrastructure
News & Analysis: Destruction from the inside out
Executive Security Briefing: Employees -- Your best defense or your greatest vulnerability

This was first published in April 2001

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: