It is the duty of the IT department to work with HR to add/revoke passwords, privileges, etc. for both temporary and permanent staff. This is not being handled properly according to NetworkWorld440. For example, just as it is not at all uncommon to browse through a companys user account list and see accounts tied to users who have not been associated with the organization for several years, it is not uncommon to see more than a handful of users with administrative privileges many of whom do not work as network administrators.
When adding accounts, it is too easy to just give an employee access to everything he or she might possibly ever need, rather than paying attention to what his or her job duties are, and assigning privileges accordingly, as required by the principle of least privilege.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.