The Official (ISC)2 SSCP CBK Reference - Mike Wills - Page 163
Revoking vs. Deleting an Identity
It's vital that you keep these two concepts separate and distinct. Think of all of the information associated with a typical user, such as:
Their identity itself and the supporting information that was used to initially create it
Files created, modified, or maintained by them on company systems, whether for personal use, business use, or both
Records containing information about that identity or user, which were created in other files in the company's systems; these might be payroll, training, personnel management, or workflow control settings
Metadata, systems event logs, and other information that attests to what information the user has accessed, used, modified, or attempted to access
Emails sent or received by the user or with message text pertaining to that user
Archive or backup copies of those files, records, metadata, or systems that contain it
Revoking the identity blocks it from further access but changes no other data pertaining to that identity, no matter where it might be stored in your systems. Deleting that identity could mean a catastrophic loss of information, if the company ever has to answer a digital discovery request (about a wrongful termination, for example).
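The difference can be seen in a small identity store. The following is an added example, not from the book; the table layout, function names, and sample records are constructed for illustration. Both operations block sign-in, but only revocation leaves the audit trail attributable to the named user.

```python
import sqlite3

def build_store():
    """In-memory identity store with constructed sample data (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE identities (
            uid INTEGER PRIMARY KEY, username TEXT, full_name TEXT,
            status TEXT NOT NULL DEFAULT 'active', revoked_at TEXT);
        CREATE TABLE audit_log (
            id INTEGER PRIMARY KEY, uid INTEGER, ts TEXT, action TEXT);
        INSERT INTO identities (uid, username, full_name)
            VALUES (1001, 'jdoe', 'J. Doe');
        INSERT INTO audit_log (uid, ts, action) VALUES
            (1001, '2024-03-01T09:12:00Z', 'read payroll/2024-02.xlsx'),
            (1001, '2024-03-04T17:40:00Z', 'modify hr/review-jdoe.docx');
    """)
    return db

def can_authenticate(db, username):
    """Only an identity that exists and is still active may sign in."""
    row = db.execute("SELECT status FROM identities WHERE username = ?",
                     (username,)).fetchone()
    return row is not None and row[0] == "active"

def revoke(db, username, when):
    """Revocation: flip the status, keep the identity row and everything tied to it."""
    db.execute("UPDATE identities SET status = 'revoked', revoked_at = ? "
               "WHERE username = ?", (when, username))

def delete(db, username):
    """Deletion: the uid-to-person mapping is gone for good."""
    db.execute("DELETE FROM identities WHERE username = ?", (username,))

def discovery_report(db, username):
    """Audit events that can still be attributed to a named user."""
    return db.execute(
        "SELECT a.ts, a.action FROM audit_log a "
        "JOIN identities i ON i.uid = a.uid "
        "WHERE i.username = ? ORDER BY a.ts", (username,)).fetchall()

def orphaned_events(db):
    """Audit events whose uid no longer resolves to any identity."""
    return db.execute(
        "SELECT COUNT(*) FROM audit_log a "
        "LEFT JOIN identities i ON i.uid = a.uid "
        "WHERE i.uid IS NULL").fetchone()[0]
```
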