Announcement

Collapse
No announcement yet.

Auditing Super Users

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Auditing Super Users

    Iíve been set the task of coming up with a solution to the age old problem of auditing super users, by this I mean Systems Administrators and anyone with domain Administration access. Currently my company does not audit Super Users as there are only really 2 of us. The IT dept consists of 5 users, 3 programmers and 2 Sys Admins but Im not being told we need to have something in place to audit us all. I donít even know where to start really.

    Is there a standard set way to do this, does anyone have any suggestions on how this is done. Or does anyone currently have to do this?

    Nay help on this one would be greatly appreciated.

  • #2
    Re: Auditing Super Users

    Do they know about this? Is that for compliance purposes? What exactly is going to be audited?
    A start would be to look at Observe-IT : http://www.petri.com/record-audit-te...t-overview.htm
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR

    Comment


    • #3
      Re: Auditing Super Users

      The audit is for IT security compliance. We arenít a bank but our parent company is so we fall under a load of rules & regs they have to follow. One of the key areas we have nothing in place for is Super Users. Basically if someone wanted to know what system's Id been accessing, or changes Id made to a system we donít have much in place currently to lock this down.

      As its something new to me I donít even know what we would audit each other on. Iím part of the IT dept and I the plan is definitely to let people know everything is audited. I think this is more to warn people if they do step out of line we can check and you will be dealt with accordingly. Everyone needs to know where they stand and what the rules are. In the past our company had suffered a few security breaches before I took over IT Security and this is the exact thing we are trying to prevent. If a system cant be locked down then people need to think it is. Prevention rather than cure if this makes sense.

      Comment

      Working...
      X