Security Basics mailing list archives
Re: Conflict of interests
From: Adam Pal <pal_adam () gmx net>
Date: Tue, 5 May 2009 22:00:11 +0200
Hi, From my point of view, you need a functional access right, delegated by (eventualy) general manager. Domain admin right is not needed since it is not the task to perform AD-operations, this right remains for the IT-department. As a security guy you can request the needed logs and tools or perform a validation of the tools. I dont consider security as executive part, the execution is to be performed by the IT. Just my 2 cents. -- Best regards, Adam Pal Monday, May 4, 2009, 8:16:45 PM, you wrote: <==============Original message text=============== syc> As a security guy, not part of the IT department, I require a syc> level of access in order to perform my job. Certain types of syc> tools require privileged access in order to work. Like having syc> domain admin access and/or similar privileged access for unix and syc> linux systems. Is it reasonable to request this type of access syc> without causing any type of conflict of interest that internal syc> auditors might question? I guess audit trails would come in handy here. syc> Thanks for the feedback. syc> ------------------------------------------------------------------------ syc> This list is sponsored by: InfoSec Institute syc> Learn all of the latest penetration testing techniques in syc> InfoSec Institute's Ethical Hacking class. syc> Totally hands-on course with evening Capture The Flag (CTF) syc> exercises, Certified Ethical Hacker and Certified Penetration syc> Tester exams, taught by an expert with years of real pen testing experience. syc> http://www.infosecinstitute.com/courses/ethical_hacking_training.html syc> ------------------------------------------------------------------------ <===========End of original message text===========
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Re: Conflict of interests, (continued)
- Re: Conflict of interests Sebastien MAHIEUX (May 05)
- Message not available
- Re: Conflict of interests s0h0us (May 05)
- RE: Conflict of interests James Flaherty (May 05)
- Re: Conflict of interests s0h0us (May 05)
- RE: Conflict of interests James Flaherty (May 05)
- Re: Conflict of interests David Schekaiban (May 05)
- Re: Conflict of interests Richard Thomas (May 05)
- Re: Conflict of interests s0h0us (May 05)
- Re: Conflict of interests Richard Thomas (May 05)
- Re: Conflict of interests Aarón Mizrachi (May 06)
- RE: Conflict of interests Dave Kleiman (May 06)
- Re: Conflict of interests s0h0us (May 05)
- Re: Conflict of interests Adam Pal (May 05)
- Re: Conflict of interests aaa . bbb (May 05)
- Re: Re: Conflict of interests raketomet (May 11)