Re: Preparing for a High-profile Termination

A few other points that may be helpful.

I also subscribe to a list that shares information about
computer breaches ... you might want to review relevant
archives to give you ideas about kinds of data associated
with breaches, and the types of corporate errors that lead to
them happening. It is not just computer data stored in the
obvious places.

If someone were to visit my apartment, they would find off-
site backup, manuals, source programs I working on. I have
told my co-workers and managers that there is this situation
& where I store the off-site backup. In a crisis I would not
be surprised if they forget about this.

We have an inventory of who is supposed to have keys to the
kingdom ... but some keys get passed around too fast to keep
good track of them ... like the company truck has 3 sets of
keys ... where are they all?

Does the company have many lap tops that managers, sales
reps, etc. take on the road? Does the company have a good
inventory of how many are in circulation? How about other
electronics that connect to company network that is somewhat
portable?

We recently had a security incident, details of which I may
not divulge. 100% of system passwords got changed. I
notified IT staff and top management what the new ones were,
and where I hide my cheat sheet, and how to translate it.
However, if I get hit by a bus, odds are my cheat sheet won't
survive either. My cheat sheet is not in plain text ... it
is "other plain text" that looks like something other than
what it is for ... a person needs to know how to translate
the data there into the secret passwords ... I do this
because there are too many passwords to keep them all in my
head, and I have already been burned keeping passwords on a
computer that went down.

We recently had a HIT BY BUS incident.
I am the only person who has done the end fiscal month year
physical updates for the company for the last 3 years & the
porcess gets changed every few months (new reports added,
some reports dropped, change some business rules) then I got
called for JURY DUTY. I told everyone, I suggested who would
be best qualified to learn my critical duties. From top
management on down, they decreed no one had time to take on
any additional duties, we would just have to hope for the
best. My boss wrote a nice letter to the Judge, which did
not get me excused. The jury was to start a few days before
EOM ... fortunately I only spent a day there & they did not
select me to be one of the lucky 13.
As a result of this, I brought the end fiscal check list up
to date & told accounting where it was located. I
specifically included in there "Suppose the person who is
doing end fiscal knows our computer system, knows BPCS, but
does not know our operations ... what do they need to know to
get the job done?" or "Suppose we bring back an employee who
used to do it 5 years ago, what has changed since then?"

---- Original message ----

Date: Tue, 3 Jul 2007 16:25:30 -0500 (CDT)
From: <macwheel99@xxxxxxxxxxx>
Subject: Re: Preparing for a High-profile Termination
To: Midrange Systems Technical Discussion <midrange-

l@xxxxxxxxxxxx>

Sorry I have not found time to read all the posts on this
thread.

We have had high profile persons, other than myself, who

left

the company, some of them not on the most friendly of

terms.

Actions taken included:
* Change our IP addresses so that anyone who connects
remotely that is authorized to do so, has to get the new IP
address and the replacement Cisco cryptographic secret #s.
* Change locks physically on the building, issue new keys to
everyone authorized to enter the building.
* Temporarily have a security firm running interference on
anyone entering the building (they gotta be on the list
issued by HR & Management, or else they not allowed in) ...
this until all the locks get changed.
* Send out e-mail to everyone reminding them how to change
their passwords on each and every one of our computer

systems.

* Daily a report to top management on who has not yet

changed

their passwords, and all incidents of suspicious e-visitors.

On multiple occasions my boss has asked for some kind of

list

of the tasks that I do, and I comply, then he is not
interested in details, or in tasks I do for co-workers or
managers not in his chain of command, so for whatever

purpose

he wants these task lists, they are not going to be very
helpful to anyone else who later needs to take over my
responsibilities.

A co-worker mentioned to me today
* She I and our boss, each have notes and cheat sheets on

how

to get the job done.
* We each can decipher our own notes no problem.
* We have a real hard time of it deciphering another person
notes.

So does the high profile person have notes how things are to
be done on a regular basis & are they where other people can
find them & can other people decipher them?

In my work environment there is extreme pressure to get
things done in very short time intervals, so it is not
unusual that I cut some corners.

There are jobs that run, that send a message to me that they
got done, so I can check to see if some step is missing. It
is not just me that messages automatically go to various co-
workers when some step completed. If the user-ids that are
getting those messages were to be killed, jobs would bomb

all

over the place.

There's a ton of stuff in GO CMDSCDE running in the name of
some employee. We have found that if a sign on is disabled,
that stuff still runs, which makes us happy.

Currently they have me doing end-fiscal, then sending end-
fiscal reports via Excel & e-mail to various & sundry

people,

then months later ask that some end fiscal report be
rerun ... this means that many many past months end fiscal
reports are in my name. Our security setup such that some
other name cannot get at these reports.

---- Original message ----

Date: Tue, 3 Jul 2007 09:29:58 -0700 (PDT)
From: Steve Martinson <smartfamily2003@xxxxxxxxx>
Subject: Preparing for a High-profile Termination
To: midrange forum <midrange-l@xxxxxxxxxxxx>

Situation:

High-profile, knowledgeable staff member soon to be

terminated (employment, not by Ahh-nold); has "keys to the
kingdom" for both the System i and the network; likely knows
passwords for many service and/or utility profiles on the
iSeries.

Requirement:

Prior to term date, analyze system for vulnerabilities

associated with a position like the one described above and
prepare a task list that will address the situation both
before and after the termination.

Areas to be reviewed include system values, network

attributes (exit points too), directory entries, SST, job
descriptions, subsystem routing entries, all user and group
profile parameters and their implications, authorities to
libraries, directory (WRKLNK) authorities, etc.

Can anyone think of anything else that could be a critical

hole that should be reviewed/covered?

Best regards and TIA,

Steven W. Martinson, CISSP, CISM
Sheshunoff Management Services, LP.
Senior Consultant - Technology & Risk Management
2801 Via Fortuna, Suite 600 | Austin, TX 78746
Direct: 281.758.2429 | Mobile: 512.779.2630
e.Mail: smartinson@xxxxxxxxx



____________________________________________________________

_

_______________________

Sick sense of humor? Visit Yahoo! TV's
Comedy with an Edge to see what's on, when.
http://tv.yahoo.com/collections/222
--
This is the Midrange Systems Technical Discussion (MIDRANGE-

L) mailing list

To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-

L) mailing list

To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.