Security Basics mailing list archives
Administrators security training
From: s0h0us () yahoo com
Date: 6 Oct 2008 16:11:14 -0000
As ISO I put together training material as part of security awareness for staff and customers. I am in the process of creating an information security training presentation for individuals, outside the IT department, who have administrative responsibilities for internal applications and web portals. (Don't ask.) These are not necessarily extremely technical people, so it is a high-level presentation that will require some additional support from IT staff as well.

Below is a list of topics I'm planning on covering. Any others you can suggest would be greatly appreciated:

- General responsibilities as an admin (privileged access, become familiar with security controls, stronger requirements for account passwords and expirations, point out application weaknesses and suggest ways to mitigate)
- How to perform entitlement reviews (identify users and "need to know", periodic review of users, minimize number of admin users, etc.)
- How to review reports and application logs
- Documentation/procedures for creating, deleting, and modifying accounts

I have also developed a checklist that includes questions like: is the application accessible from non-private networks, password and account requirements, BCP documentation, backup of data, dormant account reviews, session timeouts, etc.

Thanks for the feedback. Happy security awareness month!!