- Prevention
- Detection
- Reaction
- Correction
Access to servers is one area where I see this process break down all the time. First, people reasonably Prevent access with passwords. However, they use a common account such as Administrator; which seriously weakens the Detection and Reaction steps. If every system administrator is using the same privileged account to do their work, there is no accountability (a key component of detection) and no reasonable ability to React when something goes wrong.
CIOs, don't let your admins grow up to be cowboys! Make it a policy and practice to require that system administrators use their own accounts to perform their jobs.
No comments:
Post a Comment