Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

5.6.1. User Account Management and Identity Proofing

šŸ’” First Principle: Account management is the lifecycle of digital identities from creation through deactivation. Every step creates or reduces risk. Identity proofing ensures the person requesting access is who they claim to be before granting any credentials.

Account types:
  • User accounts ā€” standard employee accounts with permissions appropriate to job function.
  • Privileged accounts ā€” administrative accounts with elevated access. Require additional controls (separate credentials, enhanced logging, session recording).
  • Service accounts ā€” non-human accounts used by applications to access resources. Often overlooked in security reviews and can accumulate excessive permissions.
  • Shared accounts ā€” accounts used by multiple people. Should be avoided because they destroy accountability ā€” you can't determine who performed an action.
  • Guest accounts ā€” temporary, limited access for visitors. Should auto-expire and have minimal permissions.
Account lifecycle management:
  • Provisioning ā€” creating accounts with appropriate permissions based on role.
  • Review ā€” regularly auditing accounts to verify permissions remain appropriate (access reviews/recertification).
  • Deprovisioning ā€” disabling or removing accounts when no longer needed (employee termination, role change, project completion).

Identity proofing ā€” verifying a person's identity before issuing credentials. Methods range from government ID verification to knowledge-based authentication to biometric enrollment. The rigor of proofing should match the sensitivity of the access being granted.

Onboarding ā€” the process of granting new employees their initial access. Should follow predefined role-based templates to ensure consistent, least-privilege access from day one.

Offboarding ā€” the process of revoking all access when an employee leaves. Must be timely and comprehensive ā€” every system, every badge, every remote access credential. Delayed offboarding is a common audit finding and a real security risk ā€” former employees retaining VPN access, email access, or cloud service accounts create an unmonitored insider threat. Automate offboarding workflows where possible to ensure nothing is missed.

āš ļø Exam Trap: Shared accounts eliminate accountability. If a question describes an incident where "it's impossible to determine who performed the action," the root cause is likely shared accounts. The fix is individual accounts with logging.

Alvin Varughese
Written byAlvin Varughese
Founderā€¢15 professional certifications