What's the industry practice on granting read-only access accounts to
auditors ? Or generally request are sent to IT Ops who will extract it
& send to them?
I guess the lowest privilege account in Windows can still make changes
to the systems but for certain appliances (eg: proxy, AV EPO, IPS), any
risk of inadvertent changes being made?
I'm assuming the auditors are not trained (or semi-trained) in the specific
platforms / products only
What about UNIX Solaris & AIX?