WARNING: This site is intended for online use only; mass-downloading of pages degrades the server and is prohibited.
If you attempt to use tools to mass-download the site, you may be blocked permanently by automated software.
If you want to read this CertiGuide offline, please use one of the links on the left to purchase a convenient PDF copy. Thank you.

Get this Security+ CertiGuide for your own computer.
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Also available: 300-question Security+ practice test!
Get It Here!

Custom Search






Table Of Contents  CertiGuide to Security+
 9  Chapter 5:  Operational/Organizational Security (Domain 5.0; 15%)
      9  5.4  Policy and Procedures
           9  5.4.1  Security Policy
                9  5.4.1.9  HR (Human Resources) Policy

Previous Topic/Section
5.4.1.9.1  Termination
Previous Page
Pages in Current Topic/Section
1
Next Page
 5.4.1.9.3  Code of Ethics
Next Topic/Section

5.4.1.9.2  Hiring

It is the duty of the IT department to work with HR to add/revoke passwords, privileges, etc. for both temporary and permanent staff. This is not being handled properly according to NetworkWorld440. For example, just as it is not at all uncommon to browse through a company’s user account list and see accounts tied to users who have not been associated with the organization for several years, it is not uncommon to see more than a handful of users with administrative privileges – many of whom do not work as network administrators.

When adding accounts, it is too easy to just give an employee access to everything he or she might possibly ever need, rather than paying attention to what his or her job duties are, and assigning privileges accordingly, as required by the principle of least privilege.

Adding Accounts

Be sure to remember the principle of least privilege when adding accounts. You do not have to give administrator privileges to every user, or even every developer, in your organization.



 __________________

440. http://www.nwfusion.com/archive/2001/124370_08-27-2001.html

Previous Topic/Section
5.4.1.9.1  Termination
Previous Page
Pages in Current Topic/Section
1
Next Page
 5.4.1.9.3  Code of Ethics
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $


Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.