Archive for January, 2010

Building A Program To Manage And Monitor Administrators

Monitoring the activities of privileged users or server administrators is becoming a common requirement in many organizations for a few reasons:

  • Compliance with legal or regulatory requirements, such as PCI, HIPAA, etc.
  • Providing outsourced services to clients who require controls to prevent the service provider’s employees from causing harm to the client
  • A recent experience where a trusted employee performed some malicious action

In this realm of managing administrators, there are two primary objectives:

  1. Individual accountability
  2. Proactive monitoring of actions taken

Many administrators are of the opinion that once you allow a person to act as root, all bets are off. That is true to a large extent, and changing it will require a fundamental change in thinking for some. Controls need to be implemented to manage the actions of these privileged users in a manner that is commensurate with the risk of the system(s), applications and data being managed.

Posted by admin - January 24, 2010 at 5:46 pm

Categories: Compliance, Policy