Sister CISA CISSP

Apr 9 2008   3:13AM GMT

Time for an “Auditor” Admin-level ID or the End of Auditor Shoulder-Surfing

Arian Eigen Heald Arian Eigen Heald Profile: Arian Eigen Heald

One of the biggest time wasters I experience during an IT audit is have to ask an administrator to:

a. Run tools/scripts for me in order to access information
b. “Shoulder-surfing” with an admin in order to collect information/screen shots.

It’s a waste of my time, since I know where to go on a network to get what I need, and an even bigger waste of an admin’s time to collect all the stuff for me.

If, of course, they already had it on hand, as a good admin should…..but, I digress.

So, OK, Microsoft, SUN, HP, Red Hat, IBM, etc.: isn’t it about time you created an auditor function/ID? How about an ID that would have administrative READ ONLY access? Look everywhere, touch nothing? And, make the ID uniquely trackable? Like the admin ID should be, but again…..

This would have incredible value in the business world, for in-house auditors, as well as us external folks. How about it?

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: