Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Standard operations question

From: Frank Barton <bartonf () HUSSON EDU>
Date: Thu, 21 Feb 2019 10:41:06 -0500
I would agree that the service owner should be responsible for the account,
however, in the spirit of 'checks-and-balances', i would suggest that the
datacenter team routinely 'audit' the account, and the continued need for
the account with the owning team

On Thu, Feb 21, 2019 at 10:37 AM Julian Y Koh <kohster () northwestern edu>
wrote:


On Feb 21, 2019, at 09:21, Jared Evans <jared.evans () GALLAUDET EDU> wrote:

A department has gone with a service provided by an external party and has
a support contract with them.  This support service necessitates a VPN
account along with an user account (along with appropriate access control
placed upon it).  While we have created and filed the documentation for
this account, who is ultimately responsible for this account going
forward?

The system owner of the service who has set the justification for the
existence of the account or the datacenter team which maintains our
accounts?


IMO the service owner should be responsible for the account.

--
Julian Y. Koh
Associate Director, Telecommunications and Network Services
Northwestern Information Technology

2020 Ridge Avenue #331
Evanston, IL 60208
+1-847-467-5780
Northwestern IT Web Site: <http://www.it.northwestern.edu/>
PGP Public Key: <https://bt.ittns.northwestern.edu/julian/pgppubkey.html>




-- 
Frank Barton, MBA
Security+, ACMT, MCP
IT Systems Administrator
Husson University
Previous By Date Next
Previous By Thread Next

Current thread: