Fired Disney employee gets prison for adding profanity, removing allergens from menus

Why information security is about procedures and policies rather than information technology: former employees with legacy access rights may do serious harm.

Just the latest in a series of incidents where disgruntled employees did serious harm to their former employer:

It’s easy to overlook, but one of the biggest security risks occurs after someone leaves an organization. Former members with lingering access can cause real damage – whether intentional or just careless.

An Information Security Management System (ISMS) like TISAX® or ISO 27001 addresses this by requiring a few key practices that many companies still don’t have in place:

First, it pushes for clearly defined access rules based on the principle of least privilege—in other words, people should only ever get the minimum access needed to do their job, nothing more. This limits what they can reach while employed and protects information during their tenure.

Second, TISAX® requires regular, documented reviews of access rights – at least once a year. That means roles and permissions are audited and cleaned up before they turn into blind spots.

And most importantly, the standard calls for formal onboarding and offboarding procedures. When someone joins, they get only the access they need. When they change positions internally, or leave the organization, access is adjusted or revoked in a structured, reliable way – not as an afterthought.

It’s a simple but powerful way to reduce insider risk, and it works.

Granite State InfoSec is ready to help establish your organization’s policies and procedures so that you are not caught in the same situation as Disney.

#TISAX #InfoSec #ISO27001 #GSInfoSec