RE: When IT Manager breaks rules

Currently, I have written a security policy and got it signed by the CEO. That first release of the policy manual (if I may call it that) did not contain any clause mandating such a rule. Going by the fact that security policies are living documents, I have currently called this clause a guideline, with the aim of including it in the next release of my policy manual.

Now tell me, how should I word my so-called 'bitch slap' clause? What would be the limitations?

By the way, I was wondering: how often in a year should I take my policy amendments to the CEO for his/her signature? Are they required every time I add/edit a clause? It's only the first year and I don't think we can start with everything included in the first version of the policy manual.


At 11:25 AM 5/23/2007 +1000, you wrote:
And get that 'bitch slap' clause included in the security policy. I want one
of those too.

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Toby Barrick
Sent: Wednesday, May 23, 2007 6:04 AM
To: armfield@xxxxxxxx
Cc: WALI; security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: When IT Manager breaks rules

I have been reading this thread for a while and there seem to be a lot
of solutions but no correct answers to your specific question. If your
IT manager is sidestepping "rules", what are they? Are they company
mandated rules, Gov't regulations or what? Are the rules accepted and
promoted by "the company" as LAW, or just suggestions?

If they are accepted as the law - - then bitch slap the guy and escalate
as high as it takes to get his compliance. If the "rules" are just
suggestions, I would recommend quitting your job since you are the
security dude "in charge" and appear to have no enforcement capability.
A very bad spot to be in. You will be held accountable for ALL security
infractions be it by an IT manager, or Joe Blow visitor to your
establishment.

Just my two cents.

Toby

Raoul Armfield wrote:
> We use a solution similar to what CAM Fischer is talking about. We use
> Microsoft Identity Integration Service (MIIS). This reads an export
> from the HR database and creates accounts and places them in the
> appropriate OU.
>
> Raoul
>
> WALI wrote, On 5/16/2007 11:33 PM:
>> Hi guys...an odd question here!! I am mad at my IT Manager; he is
>> such a sissy!!
>>
>> Being an internal security analyst in charge, I want to enforce a few
>> policies at the help desk. One of them is not to create any user account
>> unless an email arrives from HR to the HelpDesk, informing of the user's
>> badge ID, the department he/she belongs to, the status of employment
>> and all those things. The procedures are in place, but sometimes it so
>> happens that some Head of Dept. or executive management calls up
>> our IT Manager over the phone, or sends him an email directly, which is
>> then forwarded to our Help Desk in charge, who is then left with little
>> option but to create the account without due process. All policy
>> compliance guidelines get thrown up in the air.
>>
>> The HelpDesk in charge is bound by his position not to defy the IT manager,
>> and he is scared to tell me (sometimes he does) that the IT manager is
>> forcing him to dilute the AD account creation policy.
>>
>> I don't want to confront the IT manager based upon inputs from the Helpdesk
>> guys, but would rather put a mechanism in place where I would
>> automatically come to know that an account has been created, so that I
>> can arbitrarily ask the helpdesk to provide proof of the email from HR
>> and then confront the manager.
>>
>> I know some audit trails can be enabled, and they would appear under the
>> Security log of Event Viewer (or so I guess), but I need something
>> more automated that would land in my mailbox.
>>
>> Is this possible through any automated solution in AD on Windows
>> 2003? Probably MOM 2005 or the like?
>> In case I choose to confront the HR admin/managers with a plea to stop
>> sending such requests to our IT Manager and put their house in order,
>> what genuine risks of 'not doing so' can I highlight? Ours is a
>> fairly large corporation employing about 1000 people.
>>
>>
>>
>>
>
>
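Added example, not from any poster in this thread: the reconciliation step behind the "something automated that lands in my mailbox" request. It reads account-creation audit events (event ID 624, "User Account Created", in the Windows 2003 Security log) and reports those with no matching HR request, so the help desk is only asked for proof on the accounts that actually bypassed the process. The export format, the sample events and the HR list are constructed for the example; a real deployment would feed it the exported Security log and the HR onboarding list.

```python
"""Reconcile 'User Account Created' audit events against HR-approved requests.

Event ID 624 is 'User Account Created' on Windows 2000/2003 (4720 on later
versions). The line format below is a constructed, simplified export.
"""
import re
from dataclasses import dataclass

# Constructed sample: exported Security-log entries (fields trimmed to what
# the check needs). Event 528 is a logon and must be ignored.
SAMPLE_EVENTS = """\
2007-05-21 09:12:03 EventID=624 NewAccountName=jsmith CallerUserName=helpdesk1
2007-05-22 14:40:11 EventID=624 NewAccountName=contractor7 CallerUserName=helpdesk1
2007-05-22 15:01:45 EventID=528 UserName=jsmith
2007-05-23 08:05:30 EventID=624 NewAccountName=mlee CallerUserName=itmgr
"""

# Constructed sample: accounts HR has requested, keyed by logon name,
# with badge ID and department as the HR e-mail would state them.
HR_APPROVED = {"jsmith": ("B1234", "Finance"), "mlee": ("B1240", "Sales")}

EVENT_RE = re.compile(r"^(?P<ts>\S+ \S+) EventID=(?P<id>\d+) (?P<rest>.*)$")


@dataclass
class Creation:
    timestamp: str
    account: str   # the new account's logon name
    creator: str   # who ran the creation (help desk, IT manager, ...)


def parse_creations(log_text, creation_event_id=624):
    """Return only the account-creation events found in the exported log."""
    found = []
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if not m or int(m.group("id")) != creation_event_id:
            continue
        fields = dict(kv.split("=", 1) for kv in m.group("rest").split())
        found.append(Creation(m.group("ts"), fields["NewAccountName"],
                              fields["CallerUserName"]))
    return found


def unapproved_creations(creations, approved):
    """Creations with no HR request on file: these are the ones to e-mail."""
    approved_names = {name.lower() for name in approved}
    return [c for c in creations if c.account.lower() not in approved_names]


def build_report(log_text, approved):
    """Plain-text body for the daily notification mail."""
    flagged = unapproved_creations(parse_creations(log_text), approved)
    return "\n".join(f"{c.timestamp} {c.account} created by {c.creator}: "
                     "no HR request on file" for c in flagged)
```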


