Basically, there are two ways to do that revocation. The first is via brute force: going into every system and...
removing the access rights of employees who are no longer with the company. The other -- and better -- way to solve the problem is via a provisioning environment that will let you remove access cleanly and completely. By automating provisioning, you not only gain leverage in bringing new users on board, but by scripting the removal of all user accounts and access rights you also make sure that there are no loose ends remaining when the employees of the divested company are moved to new systems.
There's also the risk of data leakage in a divestiture. In many cases, information leakage is more accidental than malicious. Nonetheless, always make sure critical intellectual property does not go with employees to their new shop -- unless it's part of the deal anyway. It's not clear that software would effectively solve the problem, so you need to make sure there is a process in place to identify and protect data that should not be leaving your environment.
At a high level, the data protection process involves first understanding what data needs to be protected. I know it sounds simple, but a lot of organizations don't have a general understanding of what important data is. Then it's a matter of figuring out how that data should be protected. If software isn't going to work (especially in a divestiture situation), it comes down to training users and reinforcing what the corporation's data leakage policies are.
Finally an organization may want to look at a service that tracks how data appears on the Internet. Companies like Cyveillance Inc. can look for certain types of data and pinpoint potential data leakage and data misuse.
For more information:
Dig Deeper on Data security strategies and governance
Related Q&A from Mike Rothman
The CISSP certification can be a challenge to obtain. Mike Rothman unveils how to get on the right education and career tracks in order to get CISSP ...continue reading
In the world of security certifications, what is the GISP and how alike is it to the CISSP? In this security management expert response, learn about ...continue reading
Depending on your enterprise, it may or may not be necessary to utilize a QSA. In this security management expert response, learn how to determine ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.