Security Basics mailing list archives
Re: Outsourcing of User Administration
From: "Eric Zatko" <EZatko () co lucas oh us>
Date: Wed, 28 Mar 2007 11:14:10 -0400
Christine, Great question! Bruce Schneier says that "On the one hand, the promises of outsourced security seem so attractive: the potential to significantly increase your network's security without hiring half a dozen people or spending a fortune is impossible to ignore. On the other hand, there are the stories of managed security companies going out of business, and bad experiences with outsourcing other areas of IT. It's no wonder that paralysis is the most common reaction to the whole thing." I interpret him to say that outsourcing your user/security management is a bad idea. Check it out here: http://www.counterpane.com/outsourcing.pdf Regards, Eric Zatko "Whatever has overstepped its due bounds is always in a state of instability." Lucius Annaeus Seneca (4 BC-65) Roman philosopher and playwright.
<christine_pouliot () cargill com> Sunday, March 25, 2007 5:47 PM >>>
I am interested to know who has outsourced the user admin function including add, change, delete of Active Directory accounts, business applications and Directory services. What controls were used to ensure that the outsourcer did not have availability to intellectual capital.
Current thread:
- Outsourcing of User Administration christine_pouliot (Mar 26)
- <Possible follow-ups>
- Re: Outsourcing of User Administration Eric Zatko (Mar 28)
- RE: Outsourcing of User Administration Jeff Dinger (Mar 28)