Roles and responsibilities of Security team vs Administration team

Accueil Forums Sécurité et formations Roles and responsibilities of Security team vs Administration team

Ce sujet a 0 réponse, 1 participant et a été mis à jour par  robertstandley, il y a 1 mois.

Affichage de 1 message (sur 1 au total)
  • Auteur
    Messages
  • #11841

    robertstandley
    Participant

    Hi,

     

    My security team maintains they need unfettered Root and Administrator access to every piece of equipment for day to day access. I’ve been trying to push the point that unless they are responsible for operations of the systems they should not have root/administrator access. I can however see them needing root and/or Administrator access for incidents where the usual administrators are unavailable or suspect, but having a password escrow system would meet this need nicely. In my mind it follows the best practices of separation of duties to limit their access, and if the security team needs elevated privileged to do day to day operations then work flows can be developed to handle this, just as there are workflows for database administrators and application administrators to get things done by the system root/administrator users. I’ve googled a few times but cannot find any good published docs siding one way or the other. Anyone have any good best practices they can reference? Or a good way to deal with this?

     

    Please help.

     

    I didn’t find the right solution from the Internet.

     

    References:-

    https://arstechnica.com/civis/viewtopic.php?f=21&t=1400029

    Product Video Production Services

     

    Thanks!

     

     

Affichage de 1 message (sur 1 au total)

Vous devez être connecté pour répondre à ce sujet.