We are updating our organization's security policies and found that we don't have a clear way of declaring an employee a security risk or procedures for taking away system access privileges. Do we specify that after a certain number of violations one is a security risk? Do we use personnel policy or some combination of the two? It is not easy to terminate an employee in my organization, so how should we handle an employee who has been declared a security risk, but has not yet been terminated?
To address such issues, the security group, HR and management should work together to define and enforce these policies. Let's review some employee termination procedures.
Before you begin, make sure you have management's support. Management is responsible for selecting the appropriate people to work together on this task. Management and HR should oversee the enforcement of proper employee behavior and the security group should help develop the necessary policies, standards, guidelines and procedures. The security group should also assist with the development of training procedures and conduct training seminars, so if an incident occurs, the organization will be able to handle the situation.
This Step-by-Step Guide provides specific strategies for building a structure for dealing with employees even before they are hired.
Ask the Expert Step-by-Step Guide: Employee termination procedure