Educause Security Discussion mailing list archives

Re: The value of 'least privilege'

From: randy marchany <marchany () VT EDU>
Date: Tue, 30 Mar 2010 17:00:16 -0400

Steve says:

To accomplish this they had to make a strong business case to get executive
level support, which in part included guaranteeing acceptable turnaround on
software installation (for our largest school they guaranteed 24 hour
turnaround).


This is the critical piece that ensures success of the "restrict
rights" security control. Get your executive level support by
establishing a guaranteed time for software installation as needed by
the end user. This makes the control effective. It does make extra
work for sysadmins to some extent but in the long run, everyone wins.
Admins get a more secure environment and users get the software they
need to do their work.

-r.

Current thread:

Re: The value of 'least privilege', (continued)
- Re: The value of 'least privilege' Mike Hanson (Mar 30)
- Re: The value of 'least privilege' randy marchany (Mar 30)
- Re: The value of 'least privilege' Eric Case (Mar 30)
- Re: The value of 'least privilege' Basgen, Brian (Mar 30)
- Re: The value of 'least privilege' Eric Case (Mar 30)
- Re: The value of 'least privilege' Sarazen, Daniel (Mar 30)
- Re: The value of 'least privilege' Jeffrey I. Schiller (Mar 30)
- Re: The value of 'least privilege' Matthew Wollenweber (Mar 30)
- Re: The value of 'least privilege' Howe, Joe (Mar 30)
- Re: The value of 'least privilege' Steve Werby (Mar 30)
- Re: The value of 'least privilege' randy marchany (Mar 30)