Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term User

Training Camp • Cybersecurity Glossary

What is User?

Any person, entity, or process that accesses an information system; managing user identities and privileges is core to IAM and least privilege.

Glossary > Network Security > User

Understanding User

In information security, a user is any person, entity, or process that accesses or interacts with information systems, applications, data, or services. Users include employees, contractors, customers, partners, automated processes, and application service accounts. Understanding user types, roles, and responsibilities is foundational to access management and accountability.

Users are managed through identity and access management (IAM) processes spanning the full identity lifecycle. This includes provisioning accounts, authenticating identity (verifying who the user is), authorizing access (determining what they may do), assigning roles and privileges, conducting periodic access reviews, and deprovisioning accounts when access is no longer needed. Each user is typically tied to a unique identifier so that actions can be attributed and audited. User categories such as normal users, privileged users, service accounts, and end users carry different risk profiles and controls.

This matters because users are simultaneously the primary consumers of systems and a leading attack vector. Compromised or over-privileged user accounts feature in a large share of breaches, and orphaned accounts left active after a person departs are a common foothold for attackers. Sound user management, enforcing least privilege, separating administrator accounts, monitoring activity, and promptly removing access, directly limits exposure. User management requirements appear throughout frameworks like ISO 27001 and NIST SP 800-53 and in many regulations.

For example, a university implements comprehensive user management with automated account provisioning driven by enrollment or employment status, role-based access control distinguishing students, faculty, and staff, separate administrator accounts for privileged tasks, and regular access reviews. When a student graduates or an employee departs, automated deprovisioning revokes their access immediately, while activity monitoring flags anomalous behavior, ensuring that only current, appropriately scoped users can reach sensitive systems and data.

Learn More About User:

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →