'Zero Budget' Security Projects II

By Mikhael Felker October 31, 2011 7:00 PM
1. Getting Tactical

Fastidiously on-board and off-board employees and document your IT environment to better secure it for little or no extra cost.

Well, we're back to talk a little bit more about “zero cost” security projects. In our first article, we spoke about how, whether you are an IT professional or already involved in information security, you can impact your company’s information security by investing some blood, sweat and tears but not any money.

Last time, we toured the softer topics of security policies and decommissioning. This time we are taking the gloves off and writing about on-boarding/off-boarding employees and the documentation of your existing environment.

On-Boarding and Off-Boarding Employees

Information security requires each and every team member in an organization to work with an information security mindset. Even if you have thoroughly worked with every single person in your organization by a certain date, your job of creating that mindset doesn't stop at that deadline.

Why? In every organization there is turnover or churn, leading to a whole new set of minds who may not understand the criticality of information security.

Employees may leave the organization or change roles for a variety of reasons:

  • Departures: voluntary resignations, retirement, reduction in force, and terminations.
  • Changes: employees change business units via promotions or transfers.
  • Additions: new hires and temporaries, whether part-time, full-time, or contractors.

According to the U.S. Bureau of Labor Statistics (BLS), turnover (separations) hovers around 3% per month. It’s not unusual for an employer to hire (and then backfill) 30 people per month out of 10,000 employees. A number of IT issues arise from this turnover:

  • Activation and deactivation of credentials.
  • Distribution and collection of assets.
  • Education of individuals new to the organization or placed in more sensitive roles.
