OSEC

 
From: Scott Mauvais (smauvaismicrosoft.com)
Date: Sun Aug 12 2001 - 15:00:04 CDT


    > the company must be seen as doing everything possible to
    > ensure that the files and emails are confidential.

    There you have it. Remove admin permissions from the resources and set up
    auditing so that if the admin (you) tries to bypass this by taking
    ownership it will be logged. In your company's security policy state
    that all logs must be saved before clearing and two people must be
    present to save/clear logs. Make it a firing offense to violate the
    policy. Regularly review the logs for any abnormalities such as gaps
    that would imply tampering.

    Now if that is not seen as "everything possible" it has already been
    mentioned in this thread that your CEO has the option of controlling
    physical access to the data by encrypting them and moving them to local
    storage, a locked file cabinet, etc.

    --scott

    Scott Mauvais, MCSE, MCSD, MCDBA

    > -----Original Message-----
    > From: Todd Schubert [mailto:tschubertjorycapital.com]
    > Sent: Wednesday, August 08, 2001 1:44 PM
    > To: focus-mssecurityfocus.com
    > Subject: RE: File and email Security
    >
    >
    > A couple things to add to my original post....
    >
    > 1. Email and file server operating systems are NT 4.0 SP6
    > 2. Mail server is Exchange
    > 3. This is not a trust issue. This is a legal/contractual
    > issue between our company and another company. Access to the
    > files and emails must be very limited. The CEO has no
    > problems trusting me but he has his hands kind of tied due to
    > the legalities of the situation. There are also outsourced
    > tech people who have admin access to parts of the system
    > although they do not have physical access without internal
    > people present. The CEO understands that I have to
    > administer the network and will be able to get through
    > anything I put up to safeguard the files. The issue is that
    > the company must be seen as doing everything possible to
    > ensure that the files and emails are confidential.
    >
    >
    >
    > -----Original Message-----
    > From: H C [mailto:keydet89yahoo.com]
    > Sent: Wednesday, August 08, 2001 3:17 PM
    > To: Todd Schubert; focus-mssecurityfocus.com
    > Subject: Re: File and email Security
    >
    >
    >
    > > Has anyone encountered
    > > something similar to this
    >
    > Yes, I have. It's a trust issue. If there are files
    > that only the CEO should see, and not the admins, then
    > perhaps the files shouldn't even be on the network in
    > the first place.
    >
    > Another option is to teach the CEO to use PGP, for
    > both his files and email.
    >
    >
    >
    >
    >
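
An added example, not part of the original thread: one way to automate the log review Scott describes, flagging gaps that would imply tampering. The CSV export layout, the sample rows, the 24-hour silence threshold and the use of event ID 517 for "audit log cleared" are assumptions to adjust for your own platform and export tool.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export (hypothetical CSV layout: record number, time, event ID).
SAMPLE_EXPORT = """\
record,time,event_id
1001,2001-08-06 09:00:12,528
1002,2001-08-06 09:14:40,560
1003,2001-08-06 09:15:02,578
1007,2001-08-06 09:41:30,528
1008,2001-08-08 08:02:11,517
1009,2001-08-08 08:05:45,528
"""

LOG_CLEARED_IDS = {517}  # assumption: ID your platform logs when the audit log is cleared


def parse_export(text):
    """Return records sorted by record number as (record, time, event_id) tuples."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append((int(row["record"]),
                     datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S"),
                     int(row["event_id"])))
    return sorted(rows)


def review(records, max_silence=timedelta(hours=24)):
    """Flag missing record numbers, long silences, clock regressions and log clears."""
    findings = []
    for prev, cur in zip(records, records[1:]):
        if cur[0] - prev[0] > 1:  # record numbers should be consecutive
            findings.append(("missing_records", prev[0] + 1, cur[0] - 1))
        if cur[1] < prev[1]:  # timestamps should never run backwards
            findings.append(("time_regression", prev[0], cur[0]))
        elif cur[1] - prev[1] > max_silence:
            findings.append(("silence", prev[0], cur[0]))
    for rec, _, event_id in records:
        if event_id in LOG_CLEARED_IDS:
            findings.append(("log_cleared", rec, rec))
    return findings


if __name__ == "__main__":
    for kind, start, end in review(parse_export(SAMPLE_EXPORT)):
        print(f"{kind}: records {start}-{end}")
```

Run it against each saved log before the two-person clear, and keep the output with the archived log so the next review can check continuity across files.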