Baby sitting IT security admins. Five questions the City of San Francisco should have asked.

San Fran City Hall

The ongoing Terry Childs fiasco within the city government of San Francisco could have been easily avoided. Thanks to Chad Perrin for his excellent summary of the story.  As things stand the city is not able to update, change, or manage their WAN because they have had the only person who knows the admin passwords arrested and retained on a $5 million bond.  

Read Chad's post for the details.  My advice is for every business owner and government administration to immediately check on the controls of their IT infrastructure. Ask yourself these questions:

1. Do you have centralized authentication and rights management?

2. Are passwords on infrastructure devices and applications routinely changed?

3. Who are the key individuals in your security hierarchy?  Have you exposed yourself to unacceptable risk levels by granting them too high a level of trust?

4. Do you do background checks on new hires?

5. Do you have a written policy governing administrative passwords and rights management?

The answers to these questions are going to give you your task list for the remaining weeks of the summer. Get your access control system under control before you face the same embarrassment the City of San Francisco is suffering.   

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.