|
Administrative access, even minimally possessed, is a very powerful and prized privilege and should always be delegated in a secure fashion.
In the wrong hands administrative access can be easily and very quickly misused to inflict significant damage to organizational IT assets.
For example, if an individual could reset the CEO's password, (s)he could instantly logon as the CEO, access all docs and apps that the CEO has access to, and send email and issue directives as coming from the CEO.
Accidental, intentional or coerced misuse of administrative authority is thus one of most serious unmitigated security risks that organizations face today.
Organizations running on Active Directory in particular are highly exposed to this risk because they lack the means to precisely identify and thus reliably lock-down powerful delegated administrative access grants.
This section helps IT managers, security personnel, executives and administrators understand the security risks associated with administrative delegation in their Active Directory based IT infrastructures.
|