I find that security administrators often need to perform vulnerability checks on systems, and these tasks need at least domain or local administrative rights. Does the security administrator need full domain admin rights, or maybe just a power user? What is the best practice in regards to assigning Windows roles to a security admin? Thanks.

Steve Dodier-Lazaro
Pang Ser Lark
  • Your question cannot be answered, as the correct thing to do might very well depend on the size and structure of your organisation. Small companies might have a single person appointed as sysadmin and CISO whilst very large companies have site reliability engineers for sysadmin tasks, security engineers that develop and maintain in-house tools and policies, and separate teams for penetration testing and security auditing. – Steve Dodier-Lazaro May 15 '15 at 14:36

1 Answer

A security administrator shouldn't need to have any access to any system within a production environment, and certainly not any administrative access. Their function needs to be logically separate from, and independent of, the roles of those users who perform administrative functions.

A security administrator should be able to run vulnerability scans and have access to review patching levels, anti-virus configuration, standard configuration information, security logs, etc. Each of these should be available through the production of reports from management systems or through application interfaces which can be presented to that user.

AndyMac