Home page logo

educause logo Educause Security Discussion mailing list archives

Re: SYSADM and Security
From: Theresa M Rowe <rowe () OAKLAND EDU>
Date: Wed, 3 Jan 2007 20:23:02 -0500

Agree on that - we have split sys admin and DBA functions.  Both of these 
functions report to an architecture manager.  We also put all the administrative 
application development and support on a separate team reporting to a different 
manager.  Security review and audit is the responsibility of a third team and 
manager.  We've also outsourced DBA work on a regular monthly contract and 
we expect there to be some review of work on both sides.  

---- Original message ----
Date: Thu, 4 Jan 2007 10:42:58 +1100
From: Allan Williams <allan.williams () ANU EDU AU>  
Subject: Re: [SECURITY] SYSADM and Security  

  We have a similar situation but have tried to
  mitigate the risk though the separation of
  duties.  We have a syadmin and a DBA team each
  responsible for agreed specific tasks.  Getting
  them to work together and respect the
  virtual boundaries took a little work as the
  desired expertise for some tasks lay with the other
  group.  It's not perfect and still relies on a
  level of trust but seems to work. 
  On 04/01/2007, at 7:48 AM, Mark Staples wrote:

    I've been wondering what other institutions are
    doing about system accounts (i.e. sysadm with
    PeopleSoft) that have full administrative access
    and can be used by any DBA, which then impacts
    effective monitoring and accountability.
    I'm being told that there is no way around the
    regular use of these type of accounts and I need
    to accept the risk and trust our DBAs.  While I
    "believe" what I'm being told, I'd like to find
    out what other institutions are doing to address
    the use of system accounts.
    Mark Staples
    Director of Information Security/Chief Information
    Security Officer
    IT Research Liaison
    Medical College of Georgia
    Office: 706-721-1577
    FAX: 706-721-7296
    mstaples () mcg edu


    All information in the communication, including
    attachments, is strictly confidential and intended
    solely for delivery to the addressee(s) identified
    above (ie, To/cc/bc), and may contain privileged,
    confidential, proprietary and /or intellectual
    property entitled to protection from disclosure
    under applicable law.  If you are not the
    intended recipient, please take note that any use,
    distribution or copying of this communication is
    unauthorized and may be unlawful.  If you have
    received this communication in error, please
    notify the sender, delete this correspondence from
    your computer, and destroy any printed copies of
    this communication.

  Allan Williams
  Division of Information
  R.G. Menzies Building
  Building 2
  The Australian National University
  Canberra ACT 0200
  T: +61 2 6125 8404
  M: 0400 480 144
  CRICOS Provider #00120C

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]