RE: When IT Manager breaks rules
- From: "Murda Mcloud" <murdamcloud@xxxxxxxxxxx>
- Date: Wed, 23 May 2007 11:25:17 +1000
And get that 'bitch slap' clause included in the security policy. I want one
of those too.
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Toby Barrick
Sent: Wednesday, May 23, 2007 6:04 AM
Cc: WALI; security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: When IT Manager breaks rules
I have been reading this thread for a while and there seems to be a lot
of solutions but no correct answers to your specific question. If your
IT manager is side stepping "rules" what are they? Are they company
mandated rules, Gov't regulations or what. Are the rules accepted and
promoted by "the company" as LAW, or just suggestions.
If they are accepted as the law - - then bitch slap the guy and escalate
as high as it takes to get his compliance. If the "rules" are just
suggestions, I would recommend quitting your job since you are the
security dude "in charge" and appear to have no enforcement capability.
A very bad spot to be in. You will be held accountable for ALL security
infractions be it by an IT manager, or Joe Blow visitor to your
Just my two cents.
Raoul Armfield wrote:
We use a solution similar to what CAM Fischer is talking about. We use
Microsoft Identity Integration Service (MIIS). This reads an export
from the HR database and creates accounts and places them in the
WALI wrote, On 5/16/2007 11:33 PM:
Hi guys...an odd question here!! I am mad at my IT Manager, he is
such a sissy!!
Being a internal security analyst in-charge, I want to enforce a few
policies at help desk. One of them is, not to create any user account
unless an email arrives from HR to HelpDesk, informing of the user's
badge ID, the department he/she belongs to. The status of employment
and all those things. The procedures are in place but sometimes it so
happens that some Head of the Dept. or executive management calls up
our IT Manager over the phone, or send him an email directly which is
then forwarded to our Help Desk incharge who is then left with little
options but to create the account without due processes. All policy
compliance guidelines get thrown up in the air.
HelpDesk incharge is bound by his position to, not to defy IT manager
and he is scared to tell me (sometimes he does) that IT manager is
forcing him to dilute the AD account creation policy.
I don't want to confront IT manager based upon inputs by Helpdesk
guys but would rather put a mechanism in place, where I would
automatically come to know, that an account has been created and I
can ask helpdesk to provide proof of the email from HR arbitrarily
and then confront the manager.
I know some Audit trails can be put and they would appear under
Security tab of Event manager ( or so I guess) but I need something
more automated that would land in my mailbox.
Is this possible through any automated solution in AD of Windows
2003? Probably MOM 2005 or the types?
In case I chose to confront HR Admin/ managers with a plea to stop
sending such requests to our IT Manager and put their house in order,
what all genuine risks of 'not doing so' can I highlight? Ours is
fairly large corporation employing about a 1000 people.
- RE: When IT Manager breaks rules
- From: WALI
- RE: When IT Manager breaks rules
- Prev by Date: RE: Security Awareness - Best Ways
- Next by Date: Re: Security Awareness - Best Ways
- Previous by thread: Fwd: When IT Manager breaks rules
- Next by thread: RE: When IT Manager breaks rules