UnixTime

Research Note

RISK-0008 Orphaned Identities After Role or Employment Change

Because identities are not managed through a controlled lifecycle, inactive, duplicate, stale, or shared identities may remain usable after users change roles or leave.

On this page

RISK-0008

Risk summary

Likelihood
4
Impact
4
Score
16
Level
High
  1. 01

    Asset

    Identity store, directory accounts, application users, service identities, shared identities, and system authorization records.

    Business object or system that needs protection.
  2. 02

    Threat

    Account takeover, unauthorized former-user access, shared-account misuse, unmanaged service identity abuse, or lack of accountability for actions.

    Event, actor, or condition that can create harm.
  3. 03

    Vulnerability

    Joiner/mover/leaver events are not reconciled with live identities, shared identities are not risk-assessed, and accounts are not disabled, removed, or reviewed promptly.

    Weakness that makes the threat relevant.
  4. 04

    Risk

    Because identities are not managed through a controlled lifecycle, inactive, duplicate, stale, or shared identities may remain usable after users change roles or leave.

    Scenario evaluated with likelihood, impact, and ownership.
  5. 05

    Treatment

    Mitigate through identity lifecycle procedures, authoritative-source reconciliation, joiner/mover/leaver records, shared-identity exception controls, account disablement evidence, and periodic live-identity reviews.

    Decision path for reducing, accepting, transferring, or avoiding risk.

Assessment Rationale

Likelihood

The likelihood is high because personnel and role changes happen continuously. Identity drift appears quickly when HR, managers, IT, and system owners do not share a controlled lifecycle process.

Impact

The impact is high because orphaned identities can bypass access approvals, make attribution unreliable, and allow former users or attackers to retain access to sensitive services.

Residual Risk

After treatment, residual risk is estimated as medium when live identities reconcile to authorized users and exceptions are risk-assessed, reviewed, and logged.

Review Notes

Review after HR process changes, identity-provider changes, shared-account exceptions, access review findings, and leaver control failures.

Software Object Mapping

  • risk
  • identity
  • control
  • evidence
  • Iso27005
  • Risk
  • Iso27001
  • Identity management

Note Metadata

Aliases: RISK-0008

Source: 05-Risk-Knowledge-Base/RISK-0008-Orphaned-Identities-After-Role-or-Employment-Change.md