Security Basics mailing list archives

RE: Conflict of interests


From: "James Flaherty" <jflaherty () itsfac com>
Date: Tue, 5 May 2009 08:57:47 -0400

I would say that your requests, with reasonable explanation, should be
granted.  You may need a brief and have your boss back you up with some
muscle, but if your requests are legit, there's no reason anyone should
have a problem with granting you specific access.  If your company is on
the government/military side I could definitely see your request getting
denied, but otherwise you should be good to go.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of s0h0us () yahoo com
Sent: Monday, May 04, 2009 2:17 PM
To: security-basics () securityfocus com
Subject: Conflict of interests

As a security guy, not part of the IT department, I require a level of
access in order to perform my job. Certain types of tools require
privileged access in order to work. Like having domain admin access
and/or similar privileged access for Unix and Linux systems. Is it
reasonable to request this type of access without causing any type of
conflict of interest that internal auditors might question? I guess
audit trails would come in handy here.
Thanks for the feedback.

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec
Institute's Ethical Hacking class. 
Totally hands-on course with evening Capture The Flag (CTF) exercises,
Certified Ethical Hacker and Certified Penetration Tester exams, taught
by an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------


