-
Re: Privilege Accounts Best Practices
d09h Oct 5, 2017 1:44 PM (in response to s-bolyard)
Surely there are many. Here's one: https://www.us-cert.gov/bsi/articles/knowledge/principles/least-privilege
-
Re: Privilege Accounts Best Practices
d09h Oct 5, 2017 12:28 PM (in response to s-bolyard)
If I were you I would document your conversation with him. Save the email. Might need an "I told you so" or perhaps an "I told him so". For CYA. Also, based on information from your profile, he might find the HIPAA rules pertinent: https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/techsafeguards.pdf
STANDARD § 164.312(a)(1) Access Control
The Security Rule defines access in § 164.304 as “the ability or the means necessary to read,
write, modify, or communicate data/information or otherwise use any system resource. (This
definition applies to “access” as used in this subpart, not as used in subpart E of this part [the
HIPAA Privacy Rule]).” Access controls provide users with rights and/or privileges to access
and perform functions using information systems, applications, programs, or files. Access
controls should enable authorized users to access the minimum necessary information needed to
perform job functions. Rights and/or privileges should be granted to authorized users based on a
set of access rules that the covered entity is required to
implement as part of § 164.308(a)(4), the Information Access
Management standard under the Administrative Safeguards
section of the Rule.
-
Re: Privilege Accounts Best Practices
d09h Oct 5, 2017 12:45 PM (in response to s-bolyard)
-
Re: Privilege Accounts Best Practices
d09h Oct 5, 2017 12:49 PM (in response to s-bolyard)
-
Re: Privilege Accounts Best Practices
d09h Oct 5, 2017 1:09 PM (in response to s-bolyard)
Even personnel who do need admin privileges should use a non-privileged account whenever possible, and the privileged account whenever necessary.
-
Re: Privilege Accounts Best Practices
s-bolyard Oct 5, 2017 2:14 PM (in response to s-bolyard)
Thank you d09h! I really appreciate it. This is exactly what I needed.
-
Re: Privilege Accounts Best Practices
d09h Oct 6, 2017 10:26 AM (in response to s-bolyard)
Happy to help, s-bolyard. With such a cavalier attitude toward security, you may find that your boss has issues on other fronts. You wouldn't want to be the next ransomware victim. Maybe you can get a security assessment done somehow to show where work is needed.
-