During the offboarding of an employee, which action MOST effectively reduces the risk of unauthorized access to the organization's information systems?
Immediately disable the employee's system accounts and collect all badges and keys.
Leave network credentials active for 30 days to facilitate knowledge transfer.
Permit the former employee to keep their physical badge for occasional on-site visits.
Wait until the next scheduled quarterly access review to remove the employee's accounts.
Immediately disabling the former employee's logical accounts (usernames, passwords, tokens) and collecting their physical access devices (badges, keys) closes the window in which the individual, or anyone who obtains those credentials, could reach company resources. Disabling the account alone is not always enough: sessions, API keys and refresh tokens issued before the change can keep working until they are explicitly revoked, and any shared credentials the person knew should be rotated. Delaying revocation, leaving badges in circulation, or waiting for a periodic review extends the attack window and runs counter to NIST SP 800-53 PS-4 (Personnel Termination) and ISO/IEC 27001:2013 Annex A.9.2.6 (Removal or adjustment of access rights).
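As an added example, not part of the original question or its explanation, here is the logical-access half of that checklist scripted for a Windows environment. It assumes on-premises Active Directory (ActiveDirectory module), Microsoft Entra ID (Microsoft Graph PowerShell SDK), a "Disabled Users" OU, and an HR ticket reference; the account names, OU path and ticket number are placeholders.

```powershell
# Added example (not from the original page): immediate logical-access revocation
# for a departing employee. Assumes on-premises Active Directory plus Microsoft
# Entra ID; the user names, OU path and ticket number are placeholders.
param(
    [Parameter(Mandatory)] [string] $SamAccountName,    # e.g. jdoe (assumed)
    [Parameter(Mandatory)] [string] $UserPrincipalName, # e.g. jdoe@corp.example (assumed)
    [string] $DisabledOU = 'OU=Disabled Users,DC=corp,DC=example',  # assumed OU
    [string] $Ticket = 'HR-0000'                                    # assumed ticket ref
)

Import-Module ActiveDirectory
Import-Module Microsoft.Graph.Users
Import-Module Microsoft.Graph.Users.Actions

$stamp = Get-Date -Format o

# 1. Disable the account first; every later step is cleanup that can fail
#    without leaving the account usable.
Disable-ADAccount -Identity $SamAccountName

# 2. Reset the password to a random value nobody knows, so the old password
#    is useless even if the account is re-enabled by mistake later.
$bytes = New-Object byte[] 24
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$newPassword = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
Set-ADAccountPassword -Identity $SamAccountName -Reset -NewPassword $newPassword

# 3. Strip group memberships so the object grants nothing if it is ever
#    re-enabled. Domain Users is the primary group and cannot be removed here.
Get-ADPrincipalGroupMembership -Identity $SamAccountName |
    Where-Object { $_.Name -ne 'Domain Users' } |
    ForEach-Object { Remove-ADGroupMember -Identity $_ -Members $SamAccountName -Confirm:$false }

# 4. Record when and why, then move the object out of the production OU.
Set-ADUser -Identity $SamAccountName -Description "Offboarded $stamp ($Ticket)"
$dn = (Get-ADUser -Identity $SamAccountName).DistinguishedName
Move-ADObject -Identity $dn -TargetPath $DisabledOU

# 5. Cloud side: disabling the directory account does not end sessions that
#    were issued before the change. Revoke refresh tokens so existing sign-ins
#    die at their next token renewal, then block the cloud account itself.
Connect-MgGraph -Scopes 'User.ReadWrite.All' -NoWelcome
Revoke-MgUserSignInSession -UserId $UserPrincipalName | Out-Null
Update-MgUser -UserId $UserPrincipalName -AccountEnabled:$false

Write-Output "Logical access for $SamAccountName revoked at $stamp; collect badge and keys, then close $Ticket."
```

Run it from a privileged identity-team account as soon as HR confirms the termination. The order matters: disable, then reset, then strip groups, then revoke cloud sessions. Note that already-issued access tokens stay valid until they expire even after the refresh tokens are revoked, which is one more reason not to wait. Badge and key collection is a manual step and should be logged against the same ticket.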