Stitcher for Podcasts


Episode Info:

Bulk of Ex-Employees Retain Access to Corporate Apps: Survey

http://www.securityweek.com/bulk-ex-employees-retain-access-corporate-apps-survey

http://www.infosecurity-magazine.com/news/uk-smbs-manage-exemployee-risk/

C-IT Recommendation

  1. Verify that your company has an effective, enforced access control standard and policy requiring that access be removed when an employee transfers within the organization or leaves it.
    1. Use role-based access control. Roles should be defined specifically by what is needed to perform the duties of the role, and only those duties.
    2. Privileged access should be granted to roles, not to individual users. Individual users should then be added to roles according to their positions.
      1. Example: a Database Administrator should not have the rights of the Operating System Administrator.
  2. Perform periodic access reviews for privileged account users. Any users or groups discovered to have unnecessary access should have their privileged access removed immediately.
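
A minimal sketch of the periodic access review described above, added here as an illustration and not taken from the episode or the cited reports. It assumes three exports exist (an HR roster, role memberships, and direct permission grants); all user, role, and permission names are constructed sample data.

```python
# Constructed sample data: hypothetical users, roles and permissions.
PRIVILEGED = {"db:admin", "os:root"}  # permissions treated as privileged

# HR roster: user -> (employment status, roles the position requires)
HR_ROSTER = {
    "alice": ("active", {"dba"}),
    "bob": ("active", {"helpdesk"}),
    "carol": ("terminated", set()),
}

# What the systems grant today: role memberships and per-user direct grants.
ROLE_MEMBERS = {"dba": {"alice", "carol"}, "os_admin": {"alice"}, "helpdesk": {"bob"}}
DIRECT_GRANTS = {"bob": {"db:admin"}}


def review_access(roster, role_members, direct_grants, privileged):
    """Return sorted (user, finding, detail) tuples for a reviewer to act on."""
    findings = []
    for role, members in role_members.items():
        for user in members:
            # Accounts missing from the HR roster are treated as not active.
            status, approved = roster.get(user, ("unknown", set()))
            if status != "active":
                # Left the organization (or unknown to HR) but still in a role.
                findings.append((user, "not-active-in-hr", role))
            elif role not in approved:
                # Transferred, or accumulated a role the position does not need
                # (e.g. a DBA who is also an OS administrator).
                findings.append((user, "role-not-required-by-position", role))
    for user, perms in direct_grants.items():
        status, _ = roster.get(user, ("unknown", set()))
        if status != "active":
            findings.extend((user, "not-active-in-hr", p) for p in perms)
        # Privileged access belongs on roles, never directly on a user.
        for perm in perms & privileged:
            findings.append((user, "privileged-granted-directly", perm))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding, detail in review_access(
        HR_ROSTER, ROLE_MEMBERS, DIRECT_GRANTS, PRIVILEGED
    ):
        print(f"{user:8} {finding:32} {detail}")
```

Each finding maps to one of the recommendations: remove access for departed staff, remove roles a position does not need, and move direct privileged grants onto a role.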

Article Resources

Intermedia Report on Rogue Access

http://www.multivu.com/players/English/7281751-intermedia-s-2014-smb-rogue-access-study-security-threat-posted-by-former-employees/

Role Based Access Control (has links to other resources including the “Economic Benefits of Role Based Access Control”)

http://csrc.nist.gov/groups/SNS/rbac/

 
