Home > Ask the Security Experts > Questions & Answers > Determining when an employee is a security risk
Ask The Security Expert: Questions & Answers
EMAIL THIS

Determining when an employee is a security risk

Stephen Mencik EXPERT RESPONSE FROM: Stephen Mencik

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 27 April 2001
We are in the process of updating our organization's security policies and have found that we have no clear way of declaring an employee a security risk and no procedures for taking away system access privileges. Do we specify that a certain number of violations under our security policy determines that one is a security risk? Do we use personnel policy or some combination? It is not easy to terminate an employee in my organization. What about the handling of an employee who has been declared a security risk, but has not yet been terminated?

>
You have discovered something that is lacking in many organizations. Unfortunately, there is no easy answer.

First off, not every violation of your policy is equally serious. Someone that is simply wasting time surfing the Web for personal business is probably violating your policy, but you wouldn't fire them for a first offense. However, someone that broke into your personnel files and got a copy of the salary list for the company and e-mailed it to all employees would probably be out the door in a hurry.

I would suggest that your policy simply state that violations of your security policies can result in discipline ranging from reprimand through termination. It is then up to management and the personnel department to handle, just like any other violation of non-computer company policy.

If someone has been declared a security risk, they should have all access suspended immediately.

As with all policies that affect personnel issues, you should consult with your General Counsel before implementing any new policy.

For more information on this topic, visit these other SearchSecurity.com resources:
Best Web Links: Security Policy & Infrastructure
News & Analysis: Destruction from the inside out
Executive Security Briefing: Employees -- Your best defense or your greatest vulnerability

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



Find Security Solutions for Your Business
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts