People tend to focus on the technology aspect of security, and I'm as guilty as most. People and procedures are equally import, and can be critical.
When I was an IT guy at Three Letter Intelligence Agency, one of the security clearances we all had was essentially "There's a lot of classified stuff here that you're not cleared to see. You're an admin, and this stuff may be on your computers. Don't read it, mkay?"
So what happens when one of these people is laid off? They have passwords to all sorts of stuff.
Sebastian writes about it, from a too-close-for-comfort perspective.