How many days until you disable inactive user accounts? How many days until you delete inactive user accounts?

2.3k views3 Comments

Sort by:

Director in Manufacturing2 years ago

If you are out on HR approved medical leave the account is locked as part of the process usually within a day. In Europe since many take 4+ weeks of vacation at once we allow 5 weeks. In the USA it’s 3 weeks. If the employee quits or is fired or laid off it’s disabled immediately.

Vice President Information Technology in Finance (non-banking)2 years ago

4 weeks

Chief Technology Officer in Media2 years ago

I define my own policies based on their security requirements, compliance regulations, and risk management practices. These policies often consider factors such as the nature of the organization's business, the sensitivity of the data accessed by the user accounts, and the overall security posture.
The number of days before disabling or deleting inactive accounts can range from a few weeks to several months

Content you might like

Do you think your board/executive leadership understands cybercrime as an industry in itself?

Yes39%

Some but not all54%

No6%

I don’t know

View Results

How vulnerable is the real estate industry to cyberattacks?

As vulnerable as tech sector37%

Less vulnerable than tech sector52%

Not vulnerable5%

Don't know3%

View Results

What steps do you typically take when you notice a security team member becoming less and less engaged? How do you approach them to diagnose/address the issue?

Have you evaluated any “AI native” data security platforms so far (like Concentric AI, Normalyze, etc)? Interested to know your thoughts on these, whether or not you move forward with implementing.

As part of our NYSE IPO prep, we’re debating how to communicate our system hardening efforts in regulatory disclosures (e.g., SEC Form 20-F, SFC).

Would you recommend sharing % compliance (e.g., “85% CIS Tier 2”) or sticking to qualitative descriptions of how we identify and mitigate risks? Also, do SFC/ISO 27001 expectations require full ISMS integration, or is a % model acceptable?

How many days until you disable inactive user accounts? How many days until you delete inactive user accounts?

Sort by:

Content you might like

Do you think your board/executive leadership understands cybercrime as an industry in itself?

How vulnerable is the real estate industry to cyberattacks?

What steps do you typically take when you notice a security team member becoming less and less engaged? How do you approach them to diagnose/address the issue?

Have you evaluated any “AI native” data security platforms so far (like Concentric AI, Normalyze, etc)? Interested to know your thoughts on these, whether or not you move forward with implementing.

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go