Does your organization have some set of processes that live on paper, or in spreadsheets, or some other "out of band" method of administration? And you, the Directory Manager are trying to explain why there are some interesting number of accounts in your directory that are non-conforming in some way? Don't have password expiration, or don't have a long enough password?
You need a strategy for controlling the data that governs these exceptions; maybe even would like to to know the who what where of what is governing them. A reasonable request. You started looking into it. You found some things, but others eluded you. Time and effort constraints caused the pertinence of these issue to slip off your radar.
Then the auditors came...
They gave your boss a report. It was full of words like "non-conforming", "out of standards", "in violation of" and the like. Sheesh! Your boss sends you the 6:00AM email that asks what this is all about. How can it be??
No comments:
Post a Comment