Educause Security Discussion mailing list archives

SYSADM and Security

From: Mark Staples <MSTAPLES () MAIL MCG EDU>
Date: Wed, 3 Jan 2007 15:48:24 -0500

I've been wondering what other institutions are doing about system
accounts (i.e. sysadm with PeopleSoft) that have full administrative
access and can be used by any DBA, which then impacts effective
monitoring and accountability.

I'm being told that there is no way around the regular use of these
type of accounts and I need to accept the risk and trust our DBAs.
While I "believe" what I'm being told, I'd like to find out what other
institutions are doing to address the use of system accounts.

Thanks!

Mark


-----
Mark Staples
Director of Information Security/Chief Information Security Officer
IT Research Liaison
Medical College of Georgia
Office: 706-721-1577
FAX: 706-721-7296
mstaples () mcg edu

--------

All information in the communication, including attachments, is
strictly confidential and intended solely for delivery to the
addressee(s) identified above (ie, To/cc/bc), and may contain
privileged, confidential, proprietary and /or intellectual property
entitled to protection from disclosure under applicable law.  If you are
not the intended recipient, please take note that any use, distribution
or copying of this communication is unauthorized and may be unlawful.
If you have received this communication in error, please notify the
sender, delete this correspondence from your computer, and destroy any
printed copies of this communication.

Attachment: Staples-MCG.vcf
Description:

Current thread:

SYSADM and Security Mark Staples (Jan 03)
- <Possible follow-ups>
- Re: SYSADM and Security Allan Williams (Jan 03)
- Re: SYSADM and Security Alan Amesbury (Jan 03)
- Re: SYSADM and Security Theresa M Rowe (Jan 03)
- Re: SYSADM and Security Russell Fulton (Jan 03)
- Re: SYSADM and Security Russell Fulton (Jan 06)