BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

5 Things to Tell the CEO about Admin Privileges

Posted February 16, 2011    Peter McCalister

Every organization has their own quirks. Sometimes leadership isn’t involved enough for certain projects to be successful. Other times they’re too involved. And sometimes it feels like everything is just too much of a mess.  This is especially true when it comes to IT  security and compliance across physical, virtual and cloud environments.

It doesn’t happen often, but when a CEO gets interested in IT security, often we’re breathless. What do we tell him/her? What would the CEO ask about? CIOupdate recently wrote on 10 security questions your CEO should ask. So we wanted to put together the 5 questions you might be asked about administrative privileges and what your answers should be.

  • Q: Do you trust our staff?
    A: Yes, of course! But we don’t rely on trust alone
  • Q: What processes are in place to protect these privileges?
    A: Approvals, mitigated privileges and keystroke monitoring
  • Q: What are we doing to protect us from honest mistakes made by our own staff
    A: Oh dear do I hope you can say that administrative privileges have been removed from desktop users!
  • Q: What are we doing to protect the cloud?
    A: Enforced SLAs with our cloud vendors to follow the same policies we use internally
  • Q: What’s next?
    A: Don’t forget to plug your next project you need support and/or funding for.

Leave a Reply

Additional articles

skeletonkey3_713678_713680

Stopping the Skeleton Key Trojan

Posted June 29, 2015    Robert Auch

Earlier this year Dell’s SecureWorks published an analysis of a malware they named “Skeleton Key”. This malware bypasses authentication for Active Directory users who have single-factor (password only) authentication. The “Skeleton Key” attack as documented by the SecureWorks CTU relies on several critical parts.

Tags:
, , , , ,
webinar 2

On Demand Webinar: 10 Steps to Building an Effective Vulnerability Management Program

Posted June 26, 2015    BeyondTrust Software

In this on demand webinar, Cybersecurity Expert, Derek A.Smith will take you through his 10 steps for a successful vulnerability management program and how to get started now.

Tags:
, ,
AHHA_PRO.LOGO

Privileged Account Management – Another AH-HA in Cyber Security

Posted June 25, 2015    Nigel Hedges

I strongly believe that the Top 4 mitigation strategies don’t just simply apply to Australian organizations, it should be a global realization, a worldwide “ah ha!” for those still not quite understanding the importance here. Here’s a refresher (or intro) on the Top 4 mitigation strategies. Read on…

Tags:
, ,