Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Handling Sysads resignation/termination
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Wed, 3 Aug 2005 23:49:12 -0700

2) It is important to get a signature on a document that acknowledges
that the person has not taken any steps to alter systems, data, etc.
This cuts to the heart of intent if there is a problem alter on. In
response to Susan Bradleys point, this is why signing the document is
usually tied to any severence package being offered.

No, it's not. I don't want to sound too harsh here, but this is not good advise... Well, to be more specific, it is not good "legal" advise. Requiring someone to sign a document in order to receive severance benefits could easily constitutes a state of duress (as I already said in my first email.) It doesn't cut to the heart of intent at all, it cuts to the heart of "I signed what they forced me to sign so that I would get my last check so that I could feed my family." Additionally, in some states (note that this perspective is from a US mentality) signing a document exacting performance (regardless of direction) in exchange for benefits could actually be considered an employment contract, thus giving the to-be-terminated employee more rights to employment benefits than originally offered -- even in "at will employment" states according to citations of specific case law I've read regarding the matter.

But of course, you need to check with your lawyer on this point. I don't take technology advise from my lawyer, and I would suggest to readers of this post that they don't take legal advise from technologists either.

3) The document should also address any intellectual property and
non-compete issues. Even if the person has not done any tampering they
still have a lot of information sitting in their head. This might be
useful to a competitor or simply harmful to the company if released
into the wild.

That *must* be addressed at employment. NDA's and NC's need to be signed coming into employment, not leaving it. But again, check with your lawyer on that.

This process does not have to be done in a heavy handed way but should
be done in a way that makes it clear that the company is paying
attention.

Making someone sign something to get their final check *IS* heavy handed, no matter how nice you try to make it. Addressing aspects of system state and security is something you build into the employment policy (not contract, unless you really want a contract) when people get hired, not when they are terminated or willfully leave employment.

t


------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault