Which of the following functions is MOST critical when initiating the removal of system access for terminated employees?
Which of the following functions is MOST critical when initiating the removal of system access for terminated employees?
Human Resources (HR) is responsible for initiating the removal of system access for terminated employees. They manage the employee information and handle the termination process, including notifying the relevant departments such as Information Security and IT. Without HR initiating this process, other departments would not be aware of the termination and therefore, could not take further action to remove system access. This initial step by HR is critical to ensure that the process is started promptly and effectively.
When an employee is terminated, HR is responsible for notifying the appropriate personnel, including the information security team, to initiate the removal of system access for the terminated employee. This is critical to prevent unauthorized access to sensitive company data and systems, which could result in data breaches, intellectual property theft, and other security incidents.
why not Information Security? Human resources (HR) is an important function when initiating the removal of system access for terminated employees, as they are responsible for managing employee information and communication, including the termination process. However, the MOST critical function is still information security. Information security is responsible for ensuring the confidentiality, integrity, and availability of sensitive information, and the removal of system access for terminated employees is a critical step in maintaining the security of this information. Information security must ensure that all necessary steps are taken to remove the terminated employee's access to sensitive information, including revoking all user accounts, disabling access to systems and applications, and removing any network access privileges. Help desk and legal functions may also be involved in the process, but their role is secondary to that of information security in ensuring the security of sensitive information.
Agree 👍 C. Information Security
I went with HR. How would one know that the employee has been terminated without HR initiating the process? Without that first step, you wouldn't do anything to begin with.
D: CISM AIO 2nd: "Offboarding HR is responsible for processing the termination, or offboarding, of employees who are leaving the organization for any reason. HR is responsible for ensuring that security, IT, and other departments are notified of the termination so that all access rights can be terminated at the appropriate time."
You need to read this carefully. "initiating the removal of system access" HR doesn't initiate the REOMOVE OF SYSTEM ACCESS...HR merely initiates the REMOVAL of the EMPLOYEE from their job. As far as the technical part, that's all IT. If the wording said "initiating the removal of the terminated employees" then HR would be correct. But this is about the removal of actual access. This can only be done by IT. And what if they person fired was in the IT department? lol I wouldn't need HR to know I had to remove their access.
Selected Answer: D Here the question is who is "initiating " that's Human resources(HR).
HR plays a significant role in the termination process, including notifying IT or the relevant departments about employee terminations. However, HR may not have the technical expertise or direct control over system access. They rely on IT and information security to carry out access removal procedures effectively.
People, don't read too much into this. "Initiating removal of system access" basically means HR telling appropriate departments to do the rest. Without HR approving it, you are not allowed to terminate access for any employee (at least that's the case in my company :)).
C. Information security is responsible for protecting the organization's data and systems from unauthorized access. When an employee is terminated, it is crucial to immediately revoke their access to sensitive information and systems to prevent any potential data breaches or unauthorized activities. Information security ensures that access rights are revoked promptly and effectively, reducing the risk of data breaches or insider threats.
HR plays a significant role in the termination process, including notifying IT or the relevant departments about employee terminations. However, HR may not have the technical expertise or direct control over system access. They rely on IT and information security to carry out access removal procedures effectively.
When initiating the removal of system access for terminated employees, the most critical function is information security (option C). Information security is responsible for ensuring the confidentiality, integrity, and availability of the organization's systems and data. Removing system access for terminated employees is crucial to prevent unauthorized access and potential misuse of sensitive information. Information security teams play a key role in overseeing user access management processes, including timely disabling or revoking user accounts and access privileges upon termination.
Agree with D. The timeliness of HR notification is very crucial here. We normally have disputes between IT and HR in our audits because of exceptions noted related to late employee terminations that are due to late HR notification.
C. Information security
C. Information Security