1. The list of all accounts created in the enterprise
2. An organizationally defined policy indicating a "dormant threshold": the period of inactivity after which an account is considered dormant
Assumptions:
The list of accounts for the enterprise includes OS-level, database, internal and external application accounts.
For each account location, a query interface is assumed to exist that enables collection of a "last activity" timestamp, such as last logon, as well as a status indicating whether the account is enabled or disabled.
Operations:
1. For each account, query the respective interface to collect the account's last activity.
2. For each account, query the respective interface to collect the account's enabled/disabled status.
3. Based on Operations 1 and 2, collect those accounts still marked as enabled but whose last activity is beyond the "dormant threshold" defined in Input 2.
Measures:
M1 = The total number of accounts
M2 = The total number of accounts marked as enabled
M3 = The total number of accounts collected by Operation 3
Metrics:
Ratio of enabled dormant accounts to total = M3 / M1
Ratio of enabled dormant accounts to accounts marked enabled = M3 / M2
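The operations, measures and metrics above, worked through as an added example (not part of the original specification). It assumes the per-location query results have already been merged into one inventory; the `Account` fields, the sample accounts, the 45-day threshold, and the use of the creation date for accounts with no recorded activity are all assumptions of this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass(frozen=True)
class Account:
    name: str
    location: str                      # OS, database, internal or external application
    enabled: bool                      # result of Operation 2
    last_activity: Optional[datetime]  # result of Operation 1; None = none recorded
    created: datetime                  # assumption: fallback for never-used accounts

def dormant_enabled(accounts, threshold, now):
    """Operation 3: enabled accounts whose last activity is beyond the threshold."""
    cutoff = now - threshold
    return [a for a in accounts
            if a.enabled and (a.last_activity or a.created) < cutoff]

def assess(accounts, threshold, now):
    """Return measures M1-M3 and both ratios (None when a denominator is zero)."""
    m1 = len(accounts)
    m2 = sum(1 for a in accounts if a.enabled)
    dormant = dormant_enabled(accounts, threshold, now)
    m3 = len(dormant)
    return {
        "M1": m1, "M2": m2, "M3": m3,
        "dormant_to_total": m3 / m1 if m1 else None,
        "dormant_to_enabled": m3 / m2 if m2 else None,
        "dormant_accounts": [a.name for a in dormant],
    }

def _d(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)

# Constructed sample inventory; names, dates and threshold are illustrative only.
NOW = _d(2024, 6, 1)
THRESHOLD = timedelta(days=45)
ACCOUNTS = [
    Account("alice", "os", True, _d(2024, 5, 20), _d(2021, 3, 1)),
    Account("svc_backup", "database", True, _d(2023, 11, 2), _d(2020, 1, 10)),
    Account("bob", "internal-app", False, _d(2023, 1, 15), _d(2019, 6, 5)),
    Account("vendor_api", "external-app", True, None, _d(2023, 8, 1)),
    Account("carol", "os", True, _d(2024, 4, 30), _d(2022, 9, 9)),
    Account("new_hire", "os", True, None, _d(2024, 5, 25)),
]

if __name__ == "__main__":
    for key, value in assess(ACCOUNTS, THRESHOLD, NOW).items():
        print(f"{key}: {value}")
```

The disabled account `bob` counts toward M1 only, and `new_hire` is not flagged because its creation date is still within the threshold.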
Automatically disable dormant accounts after a set period of inactivity.
Measures
Metrics/KEI
No explicit comment.