[UNCLASSIFIED]RE: [clug] Detecting malicious former employees

Antti.Roppola at brs.gov.au Antti.Roppola at brs.gov.au
Tue Sep 12 00:54:08 GMT 2006

Michael Still wrote:

> We're not talking about a specific person though. I would expect any organization to have
> an "exit checklist" that ensures that someone in a trusted position has their access revoked
> properly. We're talking about what should be on that checklist.

> (In fact, in the US, it's pretty much legally required).

After chatting about this with a few people, I was thinking that this would be
a good topic for a HOWTO. Sure enough, there's already a few, but few available checklists
(found thus far) exhaustively list things that a disgruntled employee might exploit.

Covers the basics, but not insideous attempts

Suggests securing the user's file on the chance that they may contain evidence of any planned action

Suggests that securing logs is a key precaution

This is probably the most comprehensive list I was able to find



IMPORTANT - This message has been issued by The Department of Agriculture, Fisheries and Forestry (DAFF).  The information transmitted is for the use of the intended recipient only and may contain confidential and/or legally privileged material.  It is your responsibility to check any attachments for viruses and defects before opening or sending them on.  
Any reproduction, publication, communication, re-transmission, disclosure, dissemination or other use of the information contained in this e-mail by persons or entities other than the intended recipient is prohibited.  The taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited.  If you have received this e-mail in error please notify the sender and delete all copies of this transmission together with any attachments.  If you have received this e-mail as part of a valid mailing list and no longer want to receive a message such as this one advise the sender by return e-mail accordingly.  Only e-mail correspondence which includes this footer, has been authorised by DAFF 

More information about the linux mailing list