
698    Chapter 12 • Operational and Organizational Security: Policies and Disaster Recovery

Adding or revoking passwords, privileges, and changes in a person’s employment status can affect the person’s security needs dramatically. A person may need to have a network account added, disabled, or removed, and other privileges (such as access to secure areas) may need to be modified. As will be seen in the following paragraphs, adding or revoking passwords, privileges, and other elements of security may need to occur under such circumstances as:

    ■ Resignation
    ■ Termination
    ■ New hires
    ■ Changes in duties or position within the company
    ■ Investigation
    ■ Leave of absence

HR plays an important role in security, as they need to notify IT staff immediately of changes in a person’s employment status. When a person is hired, HR needs to contact IT staff to set up a new network account and password for the person, as well as the necessary privileges to access systems and data. In addition, the employee may need a corporate ID card, keycard, or other items necessary for the job. When a person is terminated, quits the company, is suspended, or is under investigation, it is equally important to immediately remove any access they have to the system. Keeping a person’s account and password active allows them to continue to access systems and data. If a terminated person has an active keycard and ID, they are also able to enter secure locations. In both cases, the person will have the ability to cause massive damage to a company, so network accounts should be immediately disabled or deleted, and ID and keycards should be removed from the person’s possession or at least rendered inactive.

Disabling accounts and passwords should also occur when a person is away from a job for extended periods of time. When people are away from the job on parental leave, sabbaticals, and other instances of prolonged absence, they do not need their accounts to remain active. To prevent others from using the person’s account while they are away, the account and password should be disabled immediately after the person leaves.

When employees are hired, change jobs, or have modified duties, their needs for network access also change. When setting up network privileges, it is important that employees only receive the minimum access necessary to do their jobs. Any additional access is a security risk, as they could purposefully or accidentally view,



          www.syngress.com