Home > Ask the Security Experts > Identity Management and Access Control Questions & Answers > Should the CTO have domain administrator access?
Ask The Security Expert: Questions & Answers
EMAIL THIS

Should the CTO have domain administrator access?

David Griffeth, past SearchSecurity.com expert EXPERT RESPONSE FROM: David Griffeth, past SearchSecurity.com expert

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 10 December 2008
Is it standard for the CTO or SVP of technology to have domain administrator privileges?

>

This depends on the size of the company; a CTO may have a broad range of responsibilities, which may require elevated privileges.

A better way to assess appropriate privileges is to think in terms of job responsibilities. Do the day-to-day responsibilities of the CTO or SVP of technology require domain administrator privileges? If so, it is appropriate; if not, the security manager should limit his or her account privileges to the minimum required to do the job, just as everyone else in the company should.

The CTO should understand the concept of access appropriate to role and limiting account privileges. There should be a process in place to evaluate every privileged account on a periodic basis. In doing this, you take away the subjectivity of the conversation and introduce an objective process based on sound business requirements.

More information:

BROWSE BY TAG
Identity Management and Access Control,   Enterprise User Provisioning Tools,   Enterprise Identity and Access Management,   Identity Management Technology and Strategy,   Password Management and Policy,   VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED CONTENT
Identity Management and Access Control
Is Identity Management as a Service (IDaaS) a good idea?
How to log in to multiple servers with federated single sign-on (SSO)
How to confirm the receipt of an email with security protocols
Learn about enterprise strategy for server virtualization single sign-on
Employee information security awareness training for new IAM systems
Can you combine RFID tag technology with GPS to track stolen goods?
Is there a free enterprise-caliber password-management tool?
Cryptosystem attacks that do not involve obtaining the decryption key
Can any firm or organization get a digital signature certificate?
Does password sharing in international branches violate SOX?

Enterprise User Provisioning Tools
Content-aware IAM: Uniting user access and data rights
Is Identity Management as a Service (IDaaS) a good idea?
Top tactics for endpoint security
How to edit group policy objects to give a user local admin rights
Privileged account management critical to data security
Making the case for enterprise IAM centralized access control
Lesson 3: How to implement secure access
Best practices for a privileged access policy to secure user accounts
Risk management must include physical-logical security convergence
PCI compliance requirement 7: Restrict access

Password Management and Policy
Two-factor authentication, vigilance foil password theft
Group to shed light on secure identity management threats
Brute force attacks target Yahoo email accounts
Best Identity and Access Management Products
Privileged account management critical to data security
Making the case for enterprise IAM centralized access control
How to prevent brute force webmail attacks
Best practices for a privileged access policy to secure user accounts
Mature SIMs do more than log aggregation and correlation
PCI compliance requirement 2: Defaults

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
AAA server  (SearchSecurity.com)
authentication, authorization, and accounting  (SearchSecurity.com)
federated identity management  (SearchSecurity.com)
logon  (SearchSecurity.com)
password synchronization  (SearchSecurity.com)
RADIUS  (SearchSecurity.com)
role mining  (SearchSecurity.com)
user profile  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



Find Security Solutions for Your Business
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts