Find Resources & Connect with members on topics that interest you.

Applications

Audit

Business Processes

Career Management

Cloud Computing/Virtualization

COBIT

Controls and Monitoring

Country

Databases

Fraud and Computer Crime

Governance and Management

Industry

Information Security

IT Service Management

Mobile/Wireless

Operating Systems

Privacy/Data Protection

Regulations

Risk

Standards

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

ME - Monitor and Evaluate

Application Controls

Process Controls

Please sign in to see your topics.

You must be logged in to join this group.

PO7.8 - Job Change and Termination

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective PO7.8 - Job Change and Termination is contained within Process Popup Manage IT Human Resources.

Learn more about COBIT and related publications.

Click “Join This Community” to be able to actively participate in discussions and contribute content. You must be an ISACA member to join this topic. Join ISACA now.

 
This Topic Has:
3 Members
0 Online
2300 Visits

 Recent Discussions

Community Leader

Knowledge Center Manager

Knowledge Center Manager

Title: Become a Topic Leader!

Job Change and Termination

Take expedient actions regarding job changes, especially job terminations. Knowledge transfer should be arranged, responsibilities reassigned and access rights removed such that risks are minimised and continuity of the function is guaranteed.

View value and Risk Drivers  help

Hide value and Risk Drivers help


Value Drivers

  • Efficient and effective continuation of business-critical operations
  • Improved staff retention
  • A more secure information environment through timely and appropriate restriction of access
   Risk Drivers
  • Unauthorised access when employees are terminated
  • Lack of smooth continuation of business-critical operations

View Control Practices  help

Hide Control Practices  help

  1. Include the need for job change and termination procedures within human resource policies.
  2. Document and implement exit procedures for termination of employment that include reassignment of job duties so disruptions are minimised and job transfer procedures including necessary knowledge transfer, timely securing of logical and physical access, security of the organisation’s assets, and exit interviews.
  3. Design job change procedures to ensure efficient continuation with minimal disruption, providing guidance on the need for job mentoring, job handover steps and preparatory formal training.
  4. Include in job change procedures confirmation that logical and physical access privileges have been revised and aligned with the new job requirements.

Discussions: 0 total

Must be a Topic member to contribute

No Results Found

Documents & Publications: 10 total

Must be a Topic member to contribute
View All »
Books
IT Governance: Policies & Procedures, 2013 Edition
Posted by ISACA 138 days ago
Books
Web Application Security:A Beginner's Guide
Posted by ISACA 278 days ago
Books
Guide to Firewalls and VPNs, 3rd Edition
Posted by ISACA 312 days ago
Books
Information Security Policies Made Easy, Version 12
Posted by ISACA 375 days ago
Books
IT Governance: Polices & Procedures, 2012 Edition
Posted by ISACA 594 days ago
Books
Access Control, Security and Trust: A Logical Approach
Posted by ISACA 666 days ago
View All »

Events & Online Learning: 4 total

23 May 2013
Online
Webinar: Best Practices for Managing Today’s Complex Web of Digital Identities & Personas
Online
More »
Add to my Outlook
16 Sep 2013
ISACA International Event
2013 EuroCACS / ISRM
London, England
Stay on top of the trends and opportunities of the dynamic technology industry at EuroCACS/ISRM 2013 in Berlin—the leading European conference for IT audit, assurance, security and risk professionals. Save over US $200 when you register by 22 July!
More »
Add to my Outlook
Register Now
30 Sep 2013
ISACA International Event
Conferencia Latinoamericana
Medellín, Colombia
La Conferencia Latinoamericana CACS/ISRM 2013 en Medellín, Colombia es la conferencia principal latinoamericana para los profesionales de auditoría, riesgo y seguridad de la información. Ahorre más de EE.UU. $ 100 si se inscribe antes del 7 de agosto!
More »
Add to my Outlook
Register Now
6 Nov 2013
ISACA International Event
North America ISRM 2013
Las Vegas, NV, USA
North America ISRM is a multidimensional event featuring security and risk content, and the security programs, tools and the resources you need to be responsive to industry changes.
More »
Add to my Outlook
Register Now

Journal Articles: 91 total

View All »
Volume 3, 2013
Pushing Back the Rain—How to Create Trustworthy Services in the Cloud
by Dan Bogdanov, Ph.D., and Aivo Kalu, Ph.D., CISA
A cloud is a remote-access platform; thus, technical controls that remotely enforce a particular security policy are especially efficient.
Volume 3, 2013
Multiagent Model for System User Access Rights Audit
by Christopher A. Moturi and Fredrick O. Bitta, CISA
One of the prime concerns in any audit for management is the logical access to computer systems and data.
Volume 6, 2012
HelpSource Q&A
by Gan Subramaniam, CISA, CISM, CCNA, CCSA, CIA, CISSP, ISO 27001 LA, SSCP
What are the subcontrols that I must consider and evaluate to assess the effectiveness of the system and the appropriateness of the access privileges granted?
Volume 6, 2012
Preventive Technical Controls for Application Security
by Rohit Sethi, CISSP, CSSLP, and Ehsan Foroughi, CISM, CISSP
SALM solutions offer the unprecedented ability to achieve auditable and scalable prevention-based application security.
Volume 5, 2012
How Strong is Strong User Authentication?
by Alessandro Campi
This article focuses on the security of the authentication procedure set up by a service provider (SP) using a solution/tool obtained by a technical security provider (TSP).
Volume 5, 2012
Is Security a Wall or a Door?
by Steven J. Ross, CISA, CISSP, MBCP
In a recent meeting, the question being debated was whether there were situations in which the security of information could be prudently reduced.
View All »

User Contributed External Links: 0 total

Wikis: 2 total

Blog Posts: 22 total

View All »
22 Apr 2013
Payments to invalid recepients resulting in fraud
A recent publication in a local newspaper, indicated that an employee was charged with fraud with regards to claims of insurance payments that were lodged with the company were paid out to people who were not entitled to receive such payments. What po...
Posted By : Paulina.PNI | 1 comments
18 Mar 2013
VENEZUELA, Cursos de Preparación Examenes CISA, CISM, CRISC, COBIT
Grupos de Estudio para Acreditaciones de JUNIO, SEPTIEMBRE Y DICIEMBRE 2013. Para los que esten interesados en la presentación del exámen de certificación CISA y CISM  o para cualquiera que desee comenzar a prepararse para estas o las próximas pruebas, pu...
Posted By : Alexander Osorio | 0 comments
19 Oct 2012
Auditing OS/400 Password Controls using CAATs
We have already seen that OS/400 passwords are controlled using system values (http://www.isaca.org/Blogs/273340/Lists/Posts/ViewPost.aspx?ID=18). To refresh: QPWDEXPITV - The number of days for which a password is valid. QPWDMAXLEN - The maximum num...
Posted By : Ian Cooke | 0 comments
6 Oct 2012
Auditing OS/400 System Values using CAATs
According to the IBM System i (AS/400) security guide “system values represent the foundation upon which almost everything else is built. They allow you to customise many characteristics of your system. A group of system values is used to define system...
Posted By : Ian Cooke | 0 comments
29 Sep 2012
Auditing OS/400 Users using CAATs
In a typical AS/400 RPG / Cobol application access is provided through the users OS/400 profile. OS/400 users may be retrieved using the DSPUSRPRF command (see http://publib.boulder.ibm.com/infocenter/iseries/v7r1m0/index.jsp?topic=%2Fcl%2Fdspusrprf.ht...
Posted By : Ian Cooke | 0 comments
29 Sep 2012
Oracle Database Script Passwords
During an audit you may find that shell scripts are used to connect to your Oracle database (these are often scheduled jobs).  In many instances this represents a security risk as the Oracle database password is hardcoded into the script.  This means th...
Posted By : Ian Cooke | 0 comments
View All »
Report An Issue