ITM is an open framework - Submit your contributions now.

Insider Threat Matrix™

  • ID: PV024
  • Created: 19th June 2024
  • Updated: 19th June 2024
  • Contributor: The ITM Team

Employee Off-boarding Process

When an employee leaves the organization, a formal process should be followed to ensure all equipment is returned, and any associated accounts or access is revoked.

Sections

ID Name Description
ME021Unrevoked Access

The subject has left the organization but still has access to services or data that is reserved for employees.

MT003Leaver

A subject leaving the organisation with access to sensitive data with the intent to access and exfiltrate sensitive data or otherwise contravene internal policies.

ME021.001User Account Credentials

User credentials that were available to the subject during employment are not revoked and can still be used.

ME021.002Web Service Credentials

Web credentials that were available to the subject during employment are not revoked and can still be used.

ME021.003Physical Access Credentials

Physical security credentials, such as an ID card or physical keys, that were available to the subject during employment are not revoked and can still be used.

ME021.004API Keys

API keys that were available to the subject during employment are not revoked and can still be used.

ME021.005SSH Keys

SSH keys that were available to the subject during employment are not revoked and can still be used.

ME021.006Multi-Factor Authentication

MFA tokens or hardware devices (such as physical security keys) issued to the subject during employment are not deactivated and can still be utilized.