Reply to post: Re: Depends if decent efforts at data security made by Morrisons

Morrisons tells top court it's not liable for staffer who nicked payroll data of 100,000 employees

DontFeedTheTrolls
Boffin

Re: Depends if decent efforts at data security made by Morrisons

"At some point, somebody has admin privileges. If your admin is intent on committing criminal acts, what can you, as an employer without that expert knowledge, do?"

I work in a place where certain privileged pieces of work are performed under "four eyes" - the policy says you need two people present when the change is made. The admin accounts required are secured against use and must be "checked out", and there's an audit trail of the whole process.

It doesn't guarantee against rogue employees, but it does demonstrate an attempt to prevent an individual rogue using certain admin privileges in unintended ways. It isn't practical for every privilege; however, that is a risk assessment each business must make.
