Christina Detsika, Fraunhofer FKIE; Timo Jagusch, Nora Weidner, Larissa Weir, Florin Martius, and Christian Tiefenau, University of Bonn
Insider threats account for a significant portion of security breaches. One strategy to mitigate this threat is effective offboarding practices. However, existing standards from ISO, NIST, and BSI provide limited actionable guidance on offboarding, leaving it an underexplored aspect of IT security. In this paper, we collected offboarding advice from these standards and conducted qualitative interviews with 15 professionals directly responsible for managing or overseeing offboarding in their organizations. We identified gaps and usability issues in current practices and highlighted the need for structured, usability-focused solutions. To support organizations in addressing these challenges, we reviewed and consolidated the offboarding advice contained in multiple standards into a collection of offboarding actions, integrating them with insights from our study.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Christina Detsika and Timo Jagusch and Nora Weidner and Larissa Weir and Florin Martius and Christian Tiefenau},
title = {"You go now! No {trouble!}" Understanding the Offboarding Process in Companies from an {IT} Security Perspective},
booktitle = {Twenty-First Symposium on Usable Privacy and Security (SOUPS 2025)},
year = {2025},
isbn = {978-1-939133-51-9},
address = {Seattle, WA},
pages = {73--92},
url = {https://www.usenix.org/conference/soups2025/presentation/detsika},
publisher = {USENIX Association},
month = aug
}
