Article number 9 in a series dedicated to giving examples of the way IT security processes can help your company save money.
The incident I call the "Angry Administrator Revenge" is what happens when you sack an admin and he uses his administrative rights to wreak havoc in your information system. It is a pretty common case:
- Example 1: Ex-Gucci IT Employee Seeks Revenge on a $200,000 Hacking Spree
- Example 2: 10 Ways Fired Employees Got Their Revenge On Their Ex-Bosses / Former Firms
- Example 3: Disgruntled employees may seek IT revenge
Basically, almost everything in IT is protected by a password. The rare exceptions are things that are not protected at all and things that require more than just a password. The password, however, is the rule.
There are two kinds of passwords to be distinguished:
- Personal passwords, which are known by one person only.
- Shared passwords, which are known by multiple people.
The Password Management process does the following:
- It knows who is supposed to know each password (who is in on the shared secret).
- It knows how to change them.
- It changes them whenever someone who knows them is no longer in charge (or has been sacked).
- And, because there are sometimes more people who know a password than the few supposed to know it, it changes all passwords on a regular schedule, such as once a year, or more often for critical data.
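The process above can be kept as a small inventory of shared passwords with two rotation rules. The sketch below is an added example, not part of the original article: the names, the sample inventory and the 90-day period for critical data are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class SharedPassword:
    name: str            # what the password protects
    holders: set         # people supposed to know it
    last_changed: date
    critical: bool = False

# Rotation periods. One year comes from the article; 90 days for
# critical data is an assumed value for "more often".
MAX_AGE = timedelta(days=365)
MAX_AGE_CRITICAL = timedelta(days=90)

def due_for_rotation(inventory, today, departed=()):
    """Return {password name: reason} for every password to change now."""
    departed = set(departed)
    due = {}
    for pw in inventory:
        known_by_departed = pw.holders & departed
        limit = MAX_AGE_CRITICAL if pw.critical else MAX_AGE
        if known_by_departed:
            # Rule 1: someone who knows it is no longer in charge.
            due[pw.name] = "known by departed: " + ", ".join(sorted(known_by_departed))
        elif today - pw.last_changed > limit:
            # Rule 2: scheduled change, covering people who know the
            # password without being listed as holders.
            due[pw.name] = f"older than {limit.days} days"
    return due

def record_rotation(pw, today, departed=()):
    """Update the inventory entry once the password has been changed."""
    pw.holders -= set(departed)
    pw.last_changed = today

# Constructed sample inventory (hypothetical systems and people).
INVENTORY = [
    SharedPassword("core-router enable", {"alice", "bob"}, date(2024, 3, 1), critical=True),
    SharedPassword("backup-server root", {"bob", "carol"}, date(2024, 1, 15)),
    SharedPassword("dns-registrar account", {"alice"}, date(2023, 4, 1)),
]

if __name__ == "__main__":
    # The day "bob" is sacked: list everything that must change today.
    for name, reason in due_for_rotation(INVENTORY, date(2024, 6, 1), {"bob"}).items():
        print(f"{name}: {reason}")
```

The value of the inventory is the first rule: on the day an administrator leaves, the list of passwords to change is already known instead of being reconstructed from memory.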