RE: When IT Manager breaks rules
- From: "April Carson" <ACarson@xxxxxxxx>
- Date: Thu, 17 May 2007 13:09:35 -0500
Although I cannot site specifics from the law, I know there is something
in SOX compliance guidelines that have to do with account creation
workflows that you could use to create your case.
We are fortunate as we have Oracle. HR keys in the data, it generates an
email to us indicating a batch file ran and created the account in AD,
when we get the go ahead from the Division Admin we enable the account.
HR backs this up, as does the technology.
I hope this helped some.
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of WALI
Sent: Wednesday, May 16, 2007 10:33 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Cc: security-basics@xxxxxxxxxxxxxxxxx
Subject: When IT Manager breaks rules
Hi guys...an odd question here!! I am mad at my IT Manager, he is such a
sissy!!
Being a internal security analyst in-charge, I want to enforce a few
policies at help desk. One of them is, not to create any user account
unless an email arrives from HR to HelpDesk, informing of the user's
badge
ID, the department he/she belongs to. The status of employment and all
those things. The procedures are in place but sometimes it so happens
that
some Head of the Dept. or executive management calls up our IT Manager
over
the phone, or send him an email directly which is then forwarded to our
Help Desk incharge who is then left with little options but to create
the
account without due processes. All policy compliance guidelines get
thrown
up in the air.
HelpDesk incharge is bound by his position to, not to defy IT manager
and
he is scared to tell me (sometimes he does) that IT manager is forcing
him
to dilute the AD account creation policy.
I don't want to confront IT manager based upon inputs by Helpdesk guys
but
would rather put a mechanism in place, where I would automatically come
to
know, that an account has been created and I can ask helpdesk to provide
proof of the email from HR arbitrarily and then confront the manager.
I know some Audit trails can be put and they would appear under Security
tab of Event manager ( or so I guess) but I need something more
automated
that would land in my mailbox.
Is this possible through any automated solution in AD of Windows 2003?
Probably MOM 2005 or the types?
In case I chose to confront HR Admin/ managers with a plea to stop
sending
such requests to our IT Manager and put their house in order, what all
genuine risks of 'not doing so' can I highlight? Ours is fairly large
corporation employing about a 1000 people.
This e-mail and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If you are NOT the intended recipient or the person responsible for delivering the e-mail to the intended recipient, be advised that you have received this e-mail in error and that any use, dissemination, forwarding, printing or copying this e-mail is strictly prohibited.
- Follow-Ups:
- Re: When IT Manager breaks rules
- From: Byron (Yahoo)
- Re: When IT Manager breaks rules
- References:
- When IT Manager breaks rules
- From: WALI
- When IT Manager breaks rules
- Prev by Date: classification capable switches
- Next by Date: RE: When IT Manager breaks rules
- Previous by thread: When IT Manager breaks rules
- Next by thread: Re: When IT Manager breaks rules
- Index(es):
Relevant Pages
|
