While the web site http://www.cio.com has some great reading on the overall topic termination, in this work we are concerned with your job as an IT person. And it wouldnt hurt you any to follow the footnote to a specific article438.
Since we are talking about Security+, it would be a reasonable bet to take certain computer security related precautions when someones employment is terminated. Going back to the concepts of need to know and least privilege, once someone is no longer employed by the organization, they no longer require access to internal systems, and are no longer subject to internal policies regarding the use of those systems.
Much of security involves reducing the risks by thinking What if ? and taking actions to reduce the probability of that result. In the case of terminations, if the decision originates with the organization rather than the employee, many policies recommend that the employees computer access be disabled before the employee is notified439.
The idea is that if the employee no longer has computer access, he or she cannot go back in and steal confidential data, install logic bombs to trigger a few weeks from today, etc. There is some debate about this in professional circles, with other experts chiming in to say that if no cause is involved (for example, if the termination is due to a financially-motivated layoff rather than an employee misdeed), you can cause more potential harm than good with this policy, by engendering ill will on the part of the terminated employee. Remember, that systems administrator you just RIFd, who wanted a copy of his current login script, probably knows at least one vulnerability in your network for which vendors have not yet provided a fix. Legally speaking, youre probably on safer ground locking employees out of the system prior to termination. Practically speaking, were not sure that that doesnt increase, rather than decrease, your actual risk.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.