[ale] Security best practice - Remove or disable user accounts?

Greg Freemyer greg.freemyer at gmail.com
Thu Aug 7 12:50:07 EDT 2008


We often recommend that user files, data, etc. be preserved when an
employee leaves.

That way if an issue arises a few months later, you have the data to
examine / search for relevant info.

Where we see this most is Intellectual Property theft.  An employee
leaves.  On the way out the door they take a number of confidential
documents, etc.  A civil lawsuit is initiated.  If all of their info
has been deleted, it is very hard to pursue that lawsuit.

As to the actual user accounts, by disabling them you ensure the user
id is not re-used.  Thus if you have logs etc. that track employee
activity by user id you can be assured that uid NNN is the same person
over time.  If you delete the account and the uid gets re-issued, you
lose that one-to-one relationship.

Greg

2008/8/7 Jeff Lightner <jlightner at water.com>:
> At a former job the policy was to disable rather than remove user accounts.
>
> However, on checking for "best practices" I don't find any indication why
> this should be and find several references to removing them completely.
>
> Does anyone know of a best practice that explains why disabling would be
> preferable to removing?
>
> ----------------------------------
> CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential
> information and is for the sole use of the intended recipient(s). If you are
> not the intended recipient, any disclosure, copying, distribution, or use of
> the contents of this information is prohibited and may be unlawful. If you
> have received this electronic transmission in error, please reply
> immediately to the sender that you have received the message in error, and
> delete it. Thank you.
> ----------------------------------
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
>
>



-- 
Greg Freemyer
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
First 99 Days Litigation White Paper -
http://www.norcrossgroup.com/forms/whitepapers/99%20Days%20whitepaper.pdf

The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com


More information about the Ale mailing list