[unisog] Administrative and Privileged Access Policy

Andrew Cormack A.Cormack at ukerna.ac.uk
Tue Mar 25 11:31:41 GMT 2003


Jim,
I put together a Systems Administrators' Charter which is the document I
wish I'd had when I was a sysadmin. It's at
http://www.ja.net/cert/JANET-CERT/regulation/sysadmin_charter.html

The UK HE IT directors' organisation, UCISA, have been recommending it and a
number of our sites have reported that it works well for them. If you think
it would work in the US too then I'd be delighted for it to be used,
provided the origin is credited. Equally, if you have comments or
suggestions on how it could be improved, I'd be delighted to hear those.

Cheers
Andrew

> ----------
> From: 	Jim Dillon[SMTP:Jim.Dillon at cusys.edu]
> Sent: 	19 March 2003 17:12
> To: 	SANS (E-mail)
> Subject: 	[unisog] Administrative and Privileged Access Policy
> 
> One of our campuses has recently finalized a new AUP which defines not
> only end user rights and responsibilities, but also defines some
> expectations for "privileged access."   
> 
> We would like to develop some standards and guidelines for
> administrative/privileged access to publish or have administrators
> acknowledge as part of their work agreement.  If any of you has such an
> agreement (rights and responsibilities of system administrators/privileged
> access) or standards guideline we'd appreciate a copy or a pointer to it
> if it is online.  The goal is to be comprehensive and ensure we don't
> overlook anything useful or innovative someone else has already developed.
> Feel free to send responses directly to me at the email address in the sig
> block below.  
> 
> Thanks and best regards,
> 
> Jim 
> 
> ======================================
> Jim Dillon, CISA
> IT Audit Manager
> University of Colorado
> jim.dillon at cusys.edu
> Phone: 303-492-9734
> Dept. Phone: 303-492-9730
> Fax: 303-492-9737
> ======================================
> 



More information about the unisog mailing list