This depends on the size of the company; a CTO may have a broad range of responsibilities, which may require elevated privileges.
A better way to assess appropriate privileges is to think in terms of job responsibilities. Do the day-to-day responsibilities of the CTO or SVP of technology require domain administrator privileges? If so, it is appropriate; if not, the security manager should limit his or her account privileges to the minimum required to do the job, just as everyone else in the company should.
The CTO should understand the concept of access appropriate to role and limiting account privileges. There should be a process in place to evaluate every privileged account on a periodic basis. In doing this, you take away the subjectivity of the conversation and introduce an objective process based on sound business requirements.
- Is it possible to create multiple root user IDs to prevent root password sharing? Find out more.
- Learn how to write a batch file that allows users local admin access for a short time.
Dig deeper on Enterprise User Provisioning Tools
Related Q&A from David Griffeth, featured expert
Are users at your enterprise creating weak passwords that could potentially lead to serious data breaches? In this identity and access management ...continue reading
Virtualization is a technology that's taking off, but how can information security professionals know how it will interact with their existing ...continue reading
Periodic access reviews for enterprise identity and access management (IAM) can help ensure the necessary personnel have access to essential systems ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.