Tuesday, November 11, 2008

Control over Laid off employee system privileges

Economic hard times mean more layoffs and we are seeing those now in considerable volume. One of the standard controls in IS systems when employees are laid off is to immediately terminate their system privileges. This applies especially to users with particularly strong privileges, such as system administrators. Most IS auditors have recommended a company establish procedures like this when they are lacking. The times now require a renewed focus on this kind of policy. A recent case in point, involving a New York mutual fund, clearly illustrates the risk to those who do not deal with it proactively. Laid off sysadmin arrested for threatening company's servers

No comments: