X hits on this document

77 views

0 shares

0 downloads

0 comments

3 / 28

Executive overview

In today's dynamic business environments, an organization develops relationships with its customers, contractors, and business partners at a faster pace than ever before. The IBM® Smart IT Infrastructure1 initiative is designed to take these challenges head on, making the IT infrastructure as nimble and resilient as the organization needs it to be.

One of the major concerns across all types of organizations is the need to remove access to IT assets as quickly as possible when a relationship with an employee, contractor, or business is ended, especially if the relationship ends on less then congenial terms. As we note later in this guide, surveys from the Ponemon Institute2 have shown that even loyal employees are tempted to steal data and commit malicious acts when they leave an organization.

In this IBM Redguide™ publication, we discuss processes and procedures for offboarding individuals to help ensure that the access and entitlements are removed in a timely fashion to mitigate risks of data theft and other malicious activity.

In “Introducing the IBM Security Framework and IBM Security Blueprint” on page 2, we introduce the IBM Security Framework and the IBM Security Blueprint because these are used for our offboarding discussion to ensure that all important aspects are addressed. In the IBM Redbooks® publication Introducing the IBM Security Framework and IBM Security Blueprint to Realize Business-Driven Security, REDP-4528, we describe the IBM Security Framework and the IBM Security Blueprint in more detail.

In “Business risks in employee offboarding” on page 5, we discuss the business risks that drive the need for offboarding processes and the required measurements to prove that the risks are being mitigated.

In “Introducing control processes for employee offboarding” on page 7, we present several control processes that need to be in place to mitigate the offboarding risks from using the IBM Security Blueprint. These processes are designed for companies who typically divide up offboarding responsibilities between HR, the IT organization, and IT system owners. The processes are based on experiences with IBM clients and IBM's own experiences with implementing offboarding processes.

1

2

For more information visit the following Web site: http://www.ibm.com/ibm/ideasfromibm/us/smartplanet/topics/itinfrastructure/20081215/index.shtml?&re=sph Visit the Ponemon Institute at http://www.ponemon.org/index.php

© Copyright IBM Corp. 2009. All rights reserved.

1

Document info
Document views77
Page views78
Page last viewedSun Dec 04 10:22:37 UTC 2016
Pages28
Paragraphs457
Words10561

Comments