sunhux
asked on
Read-only access for auditors
What's the industry practice on granting read-only access accounts to
auditors ? Or generally request are sent to IT Ops who will extract it
& send to them?
I guess the lowest privilege account in Windows can still make changes
to the systems but for certain appliances (eg: proxy, AV EPO, IPS), any
risk of inadvertent changes being made?
I'm assuming the auditors are not trained (or semi-trained) in the specific
platforms / products only
What about UNIX Solaris & AIX?
auditors ? Or generally request are sent to IT Ops who will extract it
& send to them?
I guess the lowest privilege account in Windows can still make changes
to the systems but for certain appliances (eg: proxy, AV EPO, IPS), any
risk of inadvertent changes being made?
I'm assuming the auditors are not trained (or semi-trained) in the specific
platforms / products only
What about UNIX Solaris & AIX?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Guess for Windows, you'll need administrative priv to view many items.
But for AV EPO (incl Deep Security) & Cisco switches/routers, you don't need
admin privilege to see most of the info. Going to be quite a justification to
stop such a request for readonly account.
To me, an untrained person will keep asking lots of questions & this is
highly disruptive to work/normal operations
But for AV EPO (incl Deep Security) & Cisco switches/routers, you don't need
admin privilege to see most of the info. Going to be quite a justification to
stop such a request for readonly account.
To me, an untrained person will keep asking lots of questions & this is
highly disruptive to work/normal operations
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
creates unnecessary overheads