Educause Security Discussion
mailing list archives
Re: SYSADM and Security
From: Allan Williams <allan.williams () ANU EDU AU>
Date: Thu, 4 Jan 2007 10:42:58 +1100
We have a similar situation but have tried to mitigate the risk
though the separation of duties. We have a syadmin and a DBA team
each responsible for agreed specific tasks. Getting them to work
together and respect the virtual boundaries took a little work as the
desired expertise for some tasks lay with the other group. It's not
perfect and still relies on a level of trust but seems to work.
On 04/01/2007, at 7:48 AM, Mark Staples wrote:
I've been wondering what other institutions are doing about system
accounts (i.e. sysadm with PeopleSoft) that have full
administrative access and can be used by any DBA, which then
impacts effective monitoring and accountability.
I'm being told that there is no way around the regular use of these
type of accounts and I need to accept the risk and trust our DBAs.
While I "believe" what I'm being told, I'd like to find out what
other institutions are doing to address the use of system accounts.
Director of Information Security/Chief Information Security Officer
IT Research Liaison
Medical College of Georgia
mstaples () mcg edu
All information in the communication, including attachments, is
strictly confidential and intended solely for delivery to the
addressee(s) identified above (ie, To/cc/bc), and may contain
privileged, confidential, proprietary and /or intellectual property
entitled to protection from disclosure under applicable law. If
you are not the intended recipient, please take note that any use,
distribution or copying of this communication is unauthorized and
may be unlawful. If you have received this communication in error,
please notify the sender, delete this correspondence from your
computer, and destroy any printed copies of this communication.
Division of Information
R.G. Menzies Building
The Australian National University
Canberra ACT 0200
T: +61 2 6125 8404
M: 0400 480 144
CRICOS Provider #00120C