Title :
A COBIT and NIST-based conceptual framework for enterprise user account lifecycle management
Author :
Nwafor, Cyril Ikenna ; Zavarsky, Pavol ; Ruhl, Ron ; Lindskog, Dale
Author_Institution :
Coll. of Alberta, Dept. of Inf. Syst. Security, Concordia Univ., Edmonton, AB, Canada
Abstract :
Given the complexity of user account management in organizations, the need to implement an effective user account management process to address risks to information cannot be overstated. To this end, this paper develops a conceptual framework for enterprise user account lifecycle management (EUALMF) to help small- to medium-size organizations implement more effectively the user account management recommendations contained in the NIST SP 800-53 standard, the COBIT 4.1/5 framework, and other standards and best practices. It is argued that the high-level nature of the NIST standard and the COBIT framework may make it difficult for small- to medium-size organizations to implement the proposed recommendations effectively, owing to resource and financial constraints. The framework is designed to be flexible enough to be adapted to most IT environments, to help ensure that the separation of duties, least privilege and need-to-know principles are enforced, and to provide a balance between technical and non-technical controls so that no single control becomes a single point of failure. The need to carry out a risk assessment process for user accounts, to implement an audit process, and to implement performance measurement metrics is also highlighted.
Keywords :
auditing; business data processing; risk management; small-to-medium enterprises; COBIT 4.1-5 framework; COBIT-based conceptual framework; Control Objective for Information and Related Technology; EUALMF; IT environments; NIST SP 800-53 standard; NIST-based conceptual framework; National Institute of Standards and Technology; audit process; conceptual framework development; duty separation; enterprise user account lifecycle management; need-to-know principles; nontechnical controls; performance measure metric; risk assessment process; single-point-of-failure; small-medium size organizations; Information systems; NIST; Security; COBIT; user account management;
Conference_Titel :
2012 World Congress on Internet Security (WorldCIS)
Conference_Location :
Guelph, ON
Print_ISBN :
978-1-4673-1108-3