Friday, January 25, 2008

Access Control follow up

This story seems to be every where now. Including some video on CNN -

It does appear that the accused used her own account to access and delete the files. I suspect that there will be some serious consideration of separation of duties and access at that office over the next few days. Take that to heart, learn the lesson and review your own networks (if you are the one responsible - if not, ask the person who is responsible for your network security if they are aware of the story)

The spokesperson for the Sheriff's department said it so well "the lesson to be learned here is that you can't depend on having one set of record or files and having your employees having accessibility to it. You've got to have some type of back up."

Security is not just about preventing. Security is also about being able to recover should something bad happen.

Be safe