Educause Security Discussion mailing list archives
Re: The value of 'least privilege'
From: randy marchany <marchany () VT EDU>
Date: Tue, 30 Mar 2010 17:00:16 -0400
Steve says:
To accomplish this they had to make a strong business case to get executive level support, which in part included guaranteeing acceptable turnaround on software installation (for our largest school they guaranteed 24 hour turnaround).
This is the critical piece that ensures success of the "restrict rights" security control. Get your executive level support by establishing a guaranteed time for software installation as needed by the end user. This makes the control effective. It does make extra work for sysadmins to some extent but in the long run, everyone wins. Admins get a more secure environment and users get the software they need to do their work. -r.
Current thread:
- Re: The value of 'least privilege', (continued)
- Re: The value of 'least privilege' Mike Hanson (Mar 30)
- Re: The value of 'least privilege' randy marchany (Mar 30)
- Re: The value of 'least privilege' Eric Case (Mar 30)
- Re: The value of 'least privilege' Basgen, Brian (Mar 30)
- Re: The value of 'least privilege' Eric Case (Mar 30)
- Re: The value of 'least privilege' Sarazen, Daniel (Mar 30)
- Re: The value of 'least privilege' Jeffrey I. Schiller (Mar 30)
- Re: The value of 'least privilege' Matthew Wollenweber (Mar 30)
- Re: The value of 'least privilege' Howe, Joe (Mar 30)
- Re: The value of 'least privilege' Steve Werby (Mar 30)
- Re: The value of 'least privilege' randy marchany (Mar 30)