RISK-0008
Risk summary
- Likelihood
- 4
- Impact
- 4
- Score
- 16
- Level
- High
- 01
Asset
Identity store, directory accounts, application users, service identities, shared identities, and system authorization records.
Business object or system that needs protection. - 02
Threat
Account takeover, unauthorized former-user access, shared-account misuse, unmanaged service identity abuse, or lack of accountability for actions.
Event, actor, or condition that can create harm. - 03
Vulnerability
Joiner/mover/leaver events are not reconciled with live identities, shared identities are not risk-assessed, and accounts are not disabled, removed, or reviewed promptly.
Weakness that makes the threat relevant. - 04
Risk
Because identities are not managed through a controlled lifecycle, inactive, duplicate, stale, or shared identities may remain usable after users change roles or leave.
Scenario evaluated with likelihood, impact, and ownership. - 05
Treatment
Mitigate through identity lifecycle procedures, authoritative-source reconciliation, joiner/mover/leaver records, shared-identity exception controls, account disablement evidence, and periodic live-identity reviews.
Decision path for reducing, accepting, transferring, or avoiding risk.
Controls that treat the risk
Evidence that proves operation
Assessment Rationale
Likelihood
The likelihood is high because personnel and role changes happen continuously. Identity drift appears quickly when HR, managers, IT, and system owners do not share a controlled lifecycle process.
Impact
The impact is high because orphaned identities can bypass access approvals, make attribution unreliable, and allow former users or attackers to retain access to sensitive services.
Residual Risk
After treatment, residual risk is estimated as medium when live identities reconcile to authorized users and exceptions are risk-assessed, reviewed, and logged.
Review Notes
Review after HR process changes, identity-provider changes, shared-account exceptions, access review findings, and leaver control failures.
Software Object Mapping
- risk
- identity
- control
- evidence
- Iso27005
- Risk
- Iso27001
- Identity management
Note Metadata
Aliases: RISK-0008
Source: 05-Risk-Knowledge-Base/RISK-0008-Orphaned-Identities-After-Role-or-Employment-Change.md