Page 150 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 150
immediately upon termination, it should be conducted as soon as
possible. The primary purpose of the exit interview is to review the
liabilities and restrictions placed on the former employee based on the
employment agreement, nondisclosure agreement, and any other
security-related documentation.
The following list includes some other issues that should be handled as
soon as possible:
Make sure the employee returns any organizational equipment or
supplies from their vehicle or home.
Remove or disable the employee’s network user account.
Notify human resources to issue a final paycheck, pay any unused
vacation time, and terminate benefit coverage.
Arrange for a member of the security department to accompany the
released employee while they gather their personal belongings
from the work area.
Inform all security personnel and anyone else who watches or
monitors any entrance point to ensure that the ex-employee does
not attempt to reenter the building without an escort.
In most cases, you should disable or remove an employee’s system
access at the same time as or just before they are notified of being
terminated. This is especially true if that employee is capable of
accessing confidential data or has the expertise or access to alter or
damage data or services. Failing to restrict released employees’
activities can leave your organization open to a wide range of
vulnerabilities, including theft and destruction of both physical
property and logical data.
Firing: Not Just a Pink Slip Anymore
Firing an employee has become a complex process. Gone are the
days of firing merely by placing a pink slip in an employee’s mail
slot. In most IT-centric organizations, termination can create a
