Before getting to the meat of my answer below, I think it is important to make the distinction that you should never, under any circumstances, delete a user account.
First, this is because deleting the account risks removing the historical audit trail / activity log for that account. You should immediately disable the user account and make sure it cannot actively log in or perform any activity anywhere on the network. This applies whether an employee is terminated or leaves voluntarily, but you should never delete a user account, under any circumstances.
Doing so may be a violation of law in certain jurisdictions if the employee was terminated and, even if it is not, deleting the account and the associated historical record of that account's activity could put your company at a distinct disadvantage if it ever has to defend its actions in a lawsuit.
Now for the more detailed answer...
I would say it fundamentally comes down to "the principle of least privilege".
As US-CERT puts it:
Only the minimum necessary rights should be assigned to a subject that
requests access to a resource and should be in effect for the shortest
duration necessary (remember to relinquish privileges). Granting
permissions to a user beyond the scope of the necessary rights of an
action can allow that user to obtain or change information in unwanted
ways. Therefore, careful delegation of access rights can limit
attackers from damaging a system.
By definition, a user who is no longer employed by the company should have zero privileges, since they have no legitimate function to do anything at the company with any resource.
Wikipedia provides a good definition and a broad breakdown of the benefits of adopting this fundamental first principle of information security:
In information security, computer science, and other fields, the
principle of least privilege (also known as the principle of minimal
privilege or the principle of least authority) requires that in a
particular abstraction layer of a computing environment, every module
(such as a process, a user, or a program, depending on the subject)
must be able to access only the information and resources that are
necessary for its legitimate purpose.
When applied to users, the terms least user access or least-privileged user
account (LUA) are also used, referring to the concept that all user
accounts at all times should run with as few privileges as possible,
and also launch applications with as few privileges as possible.
The principle of least privilege is widely recognized as an important
design consideration in enhancing the protection of data and
functionality from faults (fault tolerance) and malicious behavior
(computer security).
Benefits of the principle include:
- Better system stability. When code is limited in the scope of changes it
can make to a system, it is easier to test its possible
actions and interactions with other applications. In practice for
example, applications running with restricted rights will not have
access to perform operations that could crash a machine, or adversely
affect other applications running on the same system.
- Better system security. When code is limited in the system-wide actions
it may perform, vulnerabilities in one application cannot be
used to exploit the rest of the machine. For example, Microsoft states
“Running in standard user mode gives customers increased protection
against inadvertent system-level damage caused by "shatter attacks"
and malware, such as root kits, spyware, and undetectable viruses”.
- Ease of deployment. In general, the fewer privileges an application
requires the easier it is to deploy within a larger
environment. This usually results from the first two benefits,
applications that install device drivers or require elevated security
privileges typically have additional steps involved in their
deployment. For example, on Windows a solution with no device drivers
can be run directly with no installation, while device drivers must be
installed separately using the Windows installer service in order to
grant the driver elevated privileges.
NIST goes further with specific process suggestions and justifications for each, although they largely mirror the sentiments described above:
Least privilege refers to the security objective of granting users
only those accesses they need to perform their official duties. Data
entry clerks, for example, may not have any need to run analysis
reports of their database.
...
Friendly Termination. Friendly terminations should be accomplished by implementing a standard set of procedures for outgoing or
transferring employees. This normally includes:
- removal of access privileges, computer accounts, authentication tokens,
- the control of keys,
- the briefing on the continuing responsibilities for confidentiality and privacy,
- return of property, and
- continued availability of data. In both the manual and the electronic worlds, this may involve documenting procedures or filing
schemes, such as how documents are stored on the hard disk, and how
are they backed up. Employees should be instructed whether or not to
"clean up" their PC before leaving. If cryptography is used to protect
data, the availability of cryptographic keys to management personnel
must be ensured.
Unfriendly Termination. Given the potential for adverse consequences, organizations should do the following:
- System access should be terminated as quickly as possible when an employee is leaving a position under less than friendly terms. If
employees are to be fired, system access should be removed at the same
time (or just before) the employees are notified of their dismissal.
- When an employee notifies an organization of a resignation and it can be reasonably expected that it is on unfriendly terms, system
access should be immediately terminated.
- During the "notice of termination" period, it may be necessary to assign the individual to a restricted area and function. This may be
particularly true for employees capable of changing programs or
modifying the system or applications.
- In some cases, physical removal from the offices may be necessary.
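
A check that follows from the answer above, added here as an example and not part of the original answer: it reconciles a list of departed users against a directory export and reports every account that is not in the "kept, disabled, zero privileges" state. The `Account` record, the field names and the sample data are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

@dataclass
class Account:  # hypothetical shape of one directory export record
    user: str
    enabled: bool
    groups: list = field(default_factory=list)
    active_tokens: int = 0
    last_logon: Optional[date] = None

def audit_offboarding(departed, directory):
    """departed: {user: departure date}; directory: {user: Account}.
    Returns {user: [findings]} for each departed user whose account is not
    kept, disabled and stripped of every privilege."""
    report = {}
    for user, left_on in sorted(departed.items()):
        acct = directory.get(user)
        issues = []
        if acct is None:
            # Deleted rather than disabled: its history may have gone with it.
            issues.append("account deleted, audit trail at risk")
        else:
            if acct.enabled:
                issues.append("account still enabled")
            if acct.groups:
                issues.append("groups not removed: " + ", ".join(sorted(acct.groups)))
            if acct.active_tokens:
                issues.append(f"{acct.active_tokens} token(s) not revoked")
            if acct.last_logon and acct.last_logon > left_on:
                issues.append(f"logon on {acct.last_logon} after departure")
        if issues:
            report[user] = issues
    return report

# Constructed sample data; "dlee" is absent because the account was deleted.
DEPARTED = {"asmith": date(2024, 3, 1), "bjones": date(2024, 3, 8),
            "cwu": date(2024, 3, 15), "dlee": date(2024, 3, 20)}
DIRECTORY = {
    "asmith": Account("asmith", enabled=False),  # the state the answer asks for
    "bjones": Account("bjones", enabled=True, groups=["vpn-users", "db-admins"],
                      active_tokens=2, last_logon=date(2024, 3, 10)),
    "cwu": Account("cwu", enabled=False, groups=["finance-share"]),
    "emartin": Account("emartin", enabled=True, groups=["staff"]),  # current employee
}

if __name__ == "__main__":
    for user, issues in audit_offboarding(DEPARTED, DIRECTORY).items():
        print(user, "->", "; ".join(issues))
```
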