Security Basics mailing list archives
RE: Conflict of interests
From: "Ian Bradshaw" <ian () ianbradshaw net>
Date: Mon, 4 May 2009 20:54:19 +0100
As long as you can justify it then it shouldn't be a problem. Though if you're not in the IT department I'd question why you're messing about with the network if it were my company. Even most of the IT dept won't have that access level I would have thought, so ... So in sort, if you can justify it then won't matter, but I don't think anyone outside the IT dept could justify domain admin access (even people in the IT dept. will struggle). What exactly do you need it for? Maybe chuck your justification round the list and see what people think? -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of s0h0us () yahoo com Sent: 04 May 2009 19:17 To: security-basics () securityfocus com Subject: Conflict of interests As a security guy, not part of the IT department, I require a level of access in order to perform my job. Certain types of tools require privileged access in order to work. Like having domain admin access and/or similar privileged access for unix and linux systems. Is it reasonable to request this type of access without causing any type of conflict of interest that internal auditors might question? I guess audit trails would come in handy here. Thanks for the feedback. ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------
Current thread:
- Conflict of interests s0h0us (May 04)
- RE: Conflict of interests Ian Bradshaw (May 05)
- RE: Conflict of interests Nick Vaernhoej (May 05)
- Re: Conflict of interests Sebastien MAHIEUX (May 05)
- Message not available
- Re: Conflict of interests s0h0us (May 05)
- RE: Conflict of interests James Flaherty (May 05)
- Re: Conflict of interests s0h0us (May 05)
- RE: Conflict of interests James Flaherty (May 05)
- Re: Conflict of interests David Schekaiban (May 05)
- Re: Conflict of interests Richard Thomas (May 05)
- Re: Conflict of interests s0h0us (May 05)
- Re: Conflict of interests Richard Thomas (May 05)
- Re: Conflict of interests Aarón Mizrachi (May 06)
- Re: Conflict of interests s0h0us (May 05)