There are other ways in which the organization may become aware that laid off employees are using proprietary or sensitive information. It is important that organizations have a process by which these incidents can be reported and evaluated. The incidents need to be evaluated both for their business cost/impact and for the root cause of the breach: How did the employee access the data? From which systems/processes did the data come? When did the employee actually access and copy the data?
To augment the cases of discovered incidents, an organization might randomly audit IT logs of activity after an employee leaves to look for incidents of unauthorized data access.
By building a catalog of these incidents, both from accidental discovery and by audit investigations, the organization can quantify the incidents both in terms of numbers of incidents in a time period and the cost of those incidents in the time period.
The success of an employee offboarding process is judged by its ability to reduce the number and severity of these incidents.
Introducing control processes for employee offboarding
As described above the IBM Security Blueprint uses a closed-loop risk-management based framework for security management that is adapted to specific security controls.
This risk management-based framework follows a basic plan-do-check-act/react set of components that IBM adapts to IT security management as:
Security Policy Management
Control deployment and execution
Risk and Compliance Assessment
Command and Control Management