
Security management performed by systems administration

Should security management be performed by separate individuals than systems administration? In my company, our NT admins do everything (control all access/rights/permissions to all servers, folders, shares, etc.; they also back up the servers and have the ability to restore the data anywhere they please, and no one is watching their activities, i.e. no checks and balances), and I, as the lone security person, think there is a conflict of interest. They don't have adequate time to spend addressing my company's security needs, not to mention effective monitoring of our logs!

There should be a clear distinction for job responsibilities; however, I have seen this situation in small shops (REALLY SMALL shops). If you must work within this type of situation, you need to institute mitigating controls to reduce the likelihood of accidental compromise or fraud. Management will need to become active in hiring practices (ensuring background checks), bonding individuals (which should be routine for individuals in all critical areas), and routine report monitoring/auditing. Recertification of users to resources and resources to users needs to be performed at least yearly to assure proper access controls are in place. Since the system administration group is probably placed within the confines of the computer room, an audit of physical and logical controls also needs to be performed by a third party.

This was last published in November 2001
