Page 148 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 148

Onboarding and Termination Processes


               Onboarding is the process of adding new employees to the identity
               and access management (IAM) system of an organization. The
               onboarding process is also used when an employee’s role or position
               changes or when that person is awarded additional levels of privilege
               or access.

               Offboarding is the reverse of this process. It is the removal of an

               employee’s identity from the IAM system once that person has left the
               organization. This can include disabling and/or deleting the user
               account, revoking certificates, canceling access codes, and terminating
               other specifically granted privileges. This may also include informing
               security guards and other physical access management personnel to
               disallow entry into the building to the person in the future.

               The procedures for onboarding and offboarding should be clearly

               documented in order to ensure consistency of application as well as
               compliance with regulations or contractual obligations.

               Onboarding can also refer to organizational socialization. This is the
               process by which new employees are trained in order to be properly
               prepared for performing their job responsibilities. It can include
               training, job skill acquisition, and behavioral adaptation in an effort to
               integrate employees efficiently into existing organizational processes

               and procedures. Well-designed onboarding can result in higher levels
               of job satisfaction, higher levels of productivity, faster integration with
               existing workers, a rise in organizational loyalty, stress reduction, and
               a decreased occurrence of resignation. Another benefit of well-
               designed onboarding, in the context of separation of duties and job

               responsibilities, is that it applies the principle of least privilege as
               previously discussed.

               When an employee must be terminated or offboarded, numerous
               issues must be addressed. A strong relationship between the security
               department and human resources (HR) is essential to maintain
               control and minimize risks during termination. An employee
               termination process or procedure policy is essential to maintaining a

               secure environment when a disgruntled employee must be removed
               from the organization. The reactions of terminated employees can
   143   144   145   146   147   148   149   150   151   152   153