Re: Handling Sysads resignation/termination

From: Michael Hammer (dotzero_at_gmail.com)
Date: 08/03/05

  • Next message: Marriott, Bill (US - Dallas): "RE: Is there any way to measure IT Security??"
    Date: Wed, 3 Aug 2005 15:33:35 -0400
    To: pen-test@securityfocus.com
    
    

    1) You cannot prove a negative. You need to rely on the competency of
    your remaining people to deal with any issues that may occur.
    Note: This is why I will not touch a system from a place I have left
    even if I am asked to. I recommend (in writing) that all passwords be
    changed and appropriate security measures be taken once I have left.
    It doesn't matter who decided to part ways and whether it is on good
    terms or not.

    2) It is important to get a signature on a document that acknowledges
    that the person has not taken any steps to alter systems, data, etc.
    This cuts to the heart of intent if there is a problem alter on. In
    response to Susan Bradleys point, this is why signing the document is
    usually tied to any severence package being offered.

    3) The document should also address any intellectual property and
    non-compete issues. Even if the person has not done any tampering they
    still have a lot of information sitting in their head. This might be
    useful to a competitor or simply harmful to the company if released
    into the wild.

    This process does not have to be done in a heavy handed way but should
    be done in a way that makes it clear that the company is paying
    attention.

    Just my 2 cents having been on both sides of the table.

    Mike

    ------------------------------------------------------------------------------
    FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

    Learn the hacker's secrets that compromise wireless LANs. Secure your
    WLAN by understanding these threats, available hacking tools and proven
    countermeasures. Defend your WLAN against man-in-the-Middle attacks and
    session hijacking, denial-of-service, rogue access points, identity
    thefts and MAC spoofing. Request your complimentary white paper at:

    http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
    -------------------------------------------------------------------------------


  • Next message: Marriott, Bill (US - Dallas): "RE: Is there any way to measure IT Security??"