Home > Managing Human Resources: Termination Procedures
Book Chapter:
EMAIL THIS LICENSING & REPRINTS

Managing Human Resources: Termination Procedures

04 Oct 2005 | 29th Street Press

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

The Little Black of Computer Security

By Joel Dubin

150 pages; $19.95

29th Street Press


In this excerpt from Chapter 6 of The Little Black Book of Computer Security, author Joel Dubin provides an outline of security measures to take when terminating an employee.

You do the best to hire the best, but even then, employees sometimes need to be terminated. Regardless of whether the reason is performance-based or due to business losses, you should employ the following safeguards to protect your IT environment:

1. Review all your termination procedures with the legal and human-resources departments, and obtain
    their approval.

2. Take the following steps prior to terminating an employee:
     2.1. Inventory all systems, networks, applications, and data that the employee has access to.
     2.2. Check whether any unauthorized or rogue hardware or software exists on the employee's systems.
     2.3. List all the employee's user and administrative accounts.
             2.3.1. Particularly note any administrative accounts that include special privileges.
     2.4. Check whether any orphaned accounts exist, and if so, trace their ownership. If they are no longer being
             used, shut them down.
     2.5. Coordinate the termination date and time with the IT-security, building-security, and human-resources
             departments. If possible, plan for a time when the system will not be busy, so the IT staff can disable
             the employee's accounts without distractions.

3. Quickly take the following steps at the moment of termination (before the employee is out the door,
    if possible):
    3.1. Remove all physical access devices (badges, ID cards, access tokens, keys, and card keys) from the
           employee's possession.
More information

Download Chapter 6

Recommend your favorite security titles

Learn more about baking security into business processes

Visit the Information Security Bookshelf for more excerpts

    3.2. Remove any network-access software, such as VPN clients and
            RAS software, from the employee's possession.
    3.3. Lock out access to the employee's workstation.
    3.4. Cancel and remove all system and network accounts.
    3.5. Escort the employee from the premises.

4. After termination, be sure that the IT staff checks the logs of the
    previously inventoried systems for any entry attempts by the
    terminated employee.
    4.1. Add rules to any Intrusion Detection Systems for checking the
           same.

5. If the person was employed either by the IT department or as a
    software developer with access to restricted systems, create
    backups of network configurations and crucial applications or data. In case of sabotage, you will then be
    able to quickly rebuild the damaged network or system.

Download Chapter 6, Managing Human Resources, to learn more about secure managment practices.

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Insider Threats
Societe Generale bolsters internal controls, discovers second insider
Information security book excerpts and reviews
I am concerned that a former employee will utilize corporate information in a malicious way.
Security pros focused on internal threat, training
Reasearch on Coding Backdoors Presents Ugly Picture
Deloitte survey finds overconfidence, lack of planning on security
Data loss prevention from the inside out
Insider dangers
Survey finds access control problems at many firms
Societe Generale: A cautionary tale of insider threats

Social Engineering
Combat social engineering the 'Carnegie' way
Quiz: Anatomy of an attack
Countermeasures against targeted attacks in the enterprise
Stolen data ending up in Google cache, say researchers
Information security book excerpts and reviews
Should social engineering tests be included in penetration testing?
What kind of data is compromised during a Google hack?
How Russia became a malware hornet's nest
Are senior level executives a target for social engineering attacks?
How does a mail server respond to fake email addresses?

Creating a Security Culture
How to get information security buy-in from the executive team
Sound compliance policies, practices reduce legal costs
Can home PCs provide a way for viruses and spyware to enter a corporate LAN?
Unified communications trigger data leakage dangers, survey finds
Security Awareness Training Essential Part of Infosec Program
Societe Generale bolsters internal controls, discovers second insider
Companies still monitoring email manually, survey finds
Trading firms rethink risk strategy
I am concerned that a former employee will utilize corporate information in a malicious way.
Security, Privacy Offices Must Combine Resources

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
insider threat  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary




Search Additional Security Research and Solutions
Find Security Channel Research for Resellers and Partners
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts