Who should have an OS administrator password?
Answer:
The best practice, or the standard commonly used, is to use a unique user ID for each employee, because this way employees are clearly linked with users, and it is easy to follow their actions (for example, by reviewing logs). So, if you have a user who needs special privileges to configure an information system (or to access special resources), this user is the only person who should have the administrator password, because only this user should perform the changes.
By the way, you can define this through a Password Policy, so our template may be interesting for you (you can see a free version by clicking on the “Free demo” tab): “Password Policy”: https://advisera.com/27001academy/documentation/Password-Policy/
Our online course may also be interesting for you, because we give more best practices about information security: “ISO 27001:2013 Foundations Course”: https://advisera.com/training/iso-27001-foundations-course/
May 03, 2016