Educause Security Discussion mailing list archives
Re: SYSADM and Security
From: Theresa M Rowe <rowe () OAKLAND EDU>
Date: Wed, 3 Jan 2007 20:23:02 -0500
Agree on that - we have split sys admin and DBA functions. Both of these functions report to an architecture manager. We also put all the administrative application development and support on a separate team reporting to a different manager. Security review and audit is the responsibility of a third team and manager.

We've also outsourced DBA work on a regular monthly contract and we expect there to be some review of work on both sides.

Theresa

---- Original message ----
Date: Thu, 4 Jan 2007 10:42:58 +1100
From: Allan Williams <allan.williams () ANU EDU AU>
Subject: Re: [SECURITY] SYSADM and Security
To: SECURITY () LISTSERV EDUCAUSE EDU

G'day,

We have a similar situation but have tried to mitigate the risk through the separation of duties. We have a sysadmin and a DBA team each responsible for agreed specific tasks. Getting them to work together and respect the virtual boundaries took a little work as the desired expertise for some tasks lay with the other group. It's not perfect and still relies on a level of trust but seems to work.

Regards,
Allan

On 04/01/2007, at 7:48 AM, Mark Staples wrote:

I've been wondering what other institutions are doing about system accounts (i.e. sysadm with PeopleSoft) that have full administrative access and can be used by any DBA, which then impacts effective monitoring and accountability. I'm being told that there is no way around the regular use of these types of accounts and I need to accept the risk and trust our DBAs. While I "believe" what I'm being told, I'd like to find out what other institutions are doing to address the use of system accounts.

Thanks!
Mark

-----
Mark Staples
Director of Information Security/Chief Information Security Officer
IT Research Liaison
Medical College of Georgia
Office: 706-721-1577
FAX: 706-721-7296
mstaples () mcg edu

==================================
Allan Williams
Division of Information
R.G. Menzies Building
Building 2
The Australian National University
Canberra ACT 0200
T: +61 2 6125 8404
M: 0400 480 144
www.anu.edu.au
CRICOS Provider #00120C
==================================

Current thread:
- SYSADM and Security Mark Staples (Jan 03)
- <Possible follow-ups>
- Re: SYSADM and Security Allan Williams (Jan 03)
- Re: SYSADM and Security Alan Amesbury (Jan 03)
- Re: SYSADM and Security Theresa M Rowe (Jan 03)
- Re: SYSADM and Security Russell Fulton (Jan 03)
- Re: SYSADM and Security Russell Fulton (Jan 06)