Very good, John!

I would add:
Don't make the mistake of distributing a new emergency telephone list (the one NOT containing this guy's name...) BEFORE he is terminated!

<lol>

- sjl


----- Original Message -----
From: "John Earl" <john.earl@xxxxxxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Sent: Tuesday, July 03, 2007 1:17 PM
Subject: RE: Preparing for a High-profile Termination


Hi Steve,

This is from something I put together some time ago -

Deny physical access:
-At termination, escort the individual while on premises and deny them
physical access to computers, terminals, systems.
- Remind all staff that under no circumstances are they to allow anyone
else to use their computer or (especially) their ID (I would not single
out this individual in the note).
-Recover company property such as keys, computers, access tokens,
manuals, data, software, credit cards, etc.

Deny Network Access
-Disable all of the user's known accounts and passwords.
-Remove Special authorities and high-powered groups from the user
profile (if change control was sloppy, this could negatively impact
production).
-Depending on the perceived impact to production systems, work to
specifically exclude the User Profile from production libraries and systems.
-Review dormant profiles and disable or change those profiles that can
be changed.
-Consider changing default passwords that the user may know (passwords
embedded in programs, etc. This may require programming changes).
-Depending on the risk profile, consider mandating that all users change
their passwords to eliminate the risk of "known" passwords.
-Review external connections such as wireless LANs, VPNs, dialup
connections, and vendor connections.

Monitor the user profile
-Turn on auditing for the user profile.
-Regularly review profile activity in the coming days and weeks.
-If you have automated monitoring software, send an alert anytime the
profile is used, or an attempt is made to sign on with the profile.


Remove agent rights
-Review the employee's status as an agent of the company.
-Notify vendors of the employee's separation. Ask them to revoke any
access to their systems.
-If Employee has access to customer's accounts, notify and request
access be removed.
-Change passwords at vendor and customer accounts to prevent further
access by former employee.

HTH,

jte

--
John Earl, VP and Chief Technology Officer
PowerTech: 253-872-7788
Direct: 253-479-1408
Mobile: 206-669-3336
John.Earl@xxxxxxxxxxxxx





-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Steve Martinson
Sent: Tuesday, July 03, 2007 9:30 AM
To: midrange forum
Subject: Preparing for a High-profile Termination

Situation:

High-profile, knowledgeable staff member soon to be terminated
(employment, not by Ahh-nold); has "keys to the kingdom" for both the
System i and the network; likely knows passwords for many service
and/or utility profiles on the iSeries.

Requirement:

Prior to term date, analyze system for vulnerabilities associated with
a position like the one described above and prepare a task list that
will address the situation both before and after the termination.

Areas to be reviewed include system values, network attributes (exit
points too), directory entries, SST, job descriptions, subsystem
routing entries, all user and group profile parameters and their
implications, authorities to libraries, directory (WRKLNK) authorities,
etc.

Can anyone think of anything else that could be a critical hole that
should be reviewed/covered?

Best regards and TIA,

Steven W. Martinson, CISSP, CISM
Sheshunoff Management Services, LP.
Senior Consultant - Technology & Risk Management
2801 Via Fortuna, Suite 600 | Austin, TX 78746
Direct: 281.758.2429 | Mobile: 512.779.2630
e.Mail: smartinson@xxxxxxxxx
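
Added example (not part of the original thread and not any poster's code): a sketch of the "send an alert anytime the profile is used, or an attempt is made to sign on with the profile" item from John's list, run over a constructed CSV export of audit journal entries. The column layout, the profile names (JSMITH, SVCBACKUP, OPER1, MARYK) and the choice of the PW, CP and JS entry types as triggers are assumptions for illustration.

```python
import csv
import io

# Constructed sample data: a simplified CSV export of audit journal entries.
# The column names and layout are assumptions made for this example.
SAMPLE = """timestamp,entry_type,job_user,target_profile,detail
2007-07-05T08:01:12,JS,MARYK,,interactive job started
2007-07-05T22:14:03,PW,QSYS,JSMITH,sign-on rejected: profile disabled
2007-07-06T01:47:50,JS,SVCBACKUP,,interactive job started
2007-07-06T02:02:31,CP,OPER1,JSMITH,STATUS changed to *ENABLED
2007-07-06T02:03:10,JS,JSMITH,,interactive job started
"""

# Hypothetical watch list: the departed user's own profile plus a service
# profile whose password that person is believed to know.
WATCHED = {"JSMITH", "SVCBACKUP"}

# Audit entry types treated as alert triggers in this sketch.
REASONS = {
    "PW": "failed sign-on attempt against watched profile",
    "CP": "watched profile was changed (for example re-enabled)",
    "JS": "job started under watched profile",
}


def alerts(text, watched):
    """Return (timestamp, profile, entry_type, reason, acting_user) tuples."""
    found = []
    for row in csv.DictReader(io.StringIO(text)):
        etype = row["entry_type"]
        if etype not in REASONS:
            continue
        # PW and CP entries name the profile that was acted on;
        # JS entries name the profile the job runs under.
        subject = row["job_user"] if etype == "JS" else row["target_profile"]
        subject = subject.strip().upper()
        if subject in watched:
            found.append((row["timestamp"], subject, etype,
                          REASONS[etype], row["job_user"]))
    return found


if __name__ == "__main__":
    for ts, profile, etype, reason, actor in alerts(SAMPLE, WATCHED):
        print(f"{ts} ALERT {profile} [{etype}] {reason} (by {actor})")
```

The CP hit matters as much as the sign-on hits: it shows a watched profile being re-enabled by another user shortly before it is used.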



