Q

Security management performed by systems administration

Should security management be performed by separate individuals than systems administration? In my company, our NT admins do everything (control all access/rights/permissions to all servers, folders, shares, etc.; they also back up the servers and have the ability to restore the data anywhere they please, and no one is watching their activities, i.e. no checks and balances), and I, as the lone security person, think there is a conflict of interest. They don't have adequate time to spend addressing my company's security needs, not to mention effective monitoring of our logs!

There should be a clear distinction for job responsibilities; however, I have seen this situation in small shops (REALLY SMALL shops). If you must work within this type of situation, you need to institute mitigating controls to reduce the likelihood of accidental compromise or fraud. Management will need to become active in hiring practices (ensuring background checks), bonding individuals (which should be routine for individuals in all critical areas), and routine report monitoring/auditing. Recertification of users to resources and resources to users needs to be performed at least yearly to assure proper access controls are in place. Since the system administration group is probably placed within the confines of the computer room, an audit of physical and logical controls also needs to be performed by a third party.


This was first published in November 2001
