Revocation is the final phase of the identity and access provisioning lifecycle, the set of activities and stages that govern the creation, modification, and deletion of user accounts and access privileges in an organization. The lifecycle consists of six phases: request, approval, provision, test, review, and audit. Revocation is the process of terminating or disabling user accounts and access privileges when they are no longer needed, used, or authorized, such as when a user leaves the organization, changes roles, or violates policy. It can be done manually or automatically, depending on the triggers and mechanisms used. Revocation ensures that user accounts and access privileges are removed in a timely and secure manner, and that the principle of least privilege and separation of duties are maintained.

References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 5: Identity and Access Management, page 206. CISSP Testking ISC Exam Questions, Question 11.