PrepAway - Latest Free Exam Questions & Answers

Which choice below MOST accurately describes the organization’s responsibilities during an unfriendly te

Which choice below MOST accurately describes the organization’s
responsibilities during an unfriendly termination?

PrepAway - Latest Free Exam Questions & Answers

A.
The employee should be given time to remove whatever files he
needs from the network.

B.
Cryptographic keys can remain the employee’s property.

C.
System access should be removed as quickly as possible after
termination.

D.
Physical removal from the offices would never be necessary.

Explanation:
Friendly terminations should be accomplished by implementing a
standard set of procedures for outgoing or transferring employees.
This normally includes:
Removal of access privileges, computer accounts, authentication
tokens.
The control of keys.
The briefing on the continuing responsibilities for confidentiality
and privacy.
Return of property.
Continued availability of data. In both the manual and the electronic
worlds this may involve documenting procedures or filing
schemes, such as how documents are stored on the hard disk,
and how they are backed up. Employees should be instructed
whether or not to clean up their PC before leaving.
If cryptography is used to protect data, the availability of cryptographic
keys to management personnel must be ensured.
Given the potential for adverse consequences during an unfriendly
termination, organizations should do the following:
System access should be terminated as quickly as possible when
an employee is leaving a position under less-than-friendly terms.
If employees are to be fired, system access should be removed at
the same time (or just before) the employees are notified of their
dismissal.
When an employee notifies an organization of the resignation
and it can be reasonably expected that it is on unfriendly terms,

system access should be immediately terminated.
During the notice of termination period, it may be necessary to
assign the individual to a restricted area and function. This may
be particularly true for employees capable of changing programs
or modifying the system or applications.
In some cases, physical removal from the offices may be necessary.
Source: NIST Special Publication 800-14 Generally Accepted Principles
and Practices for Securing Information Technology Systems.


Leave a Reply