Law 6. Computer security depends on the reliability of the administrator. This is true. It is also true that there should be very few administrators, and each should have their own responsibilities and access rights. A quite flagrant violation is when a manager or department head has administrative rights. An administrator should be 'unwilling' with respect to the organization. That is, an observer must be appointed (this may well be a boss at any level) who has the right to see and observe all changes, but only to see them (he has no right to change anything). The administrator of a given area (such as a database administrator), in turn, has the right to make changes in that area, but it is impossible for him to change anything organizationally.
For example, a person is hired and needs to be entered into the system. How does this usually happen? (I think you know.) How should it happen? The personnel department must fill out a form for the new hire. This form is passed to the employee's immediate supervisor, who marks (by ticking boxes) which services (including e-mail and the Internet) the employee should have access to. Only on the basis of this form (it may be electronic or on paper) does the administrator enter the person into the system. Similarly, a user's account should be locked very quickly and automatically upon dismissal (locked rather than deleted; deleting it is also a security error).
Law 7. The security of encrypted data depends on how well the decryption key is protected. There is nothing special to add here; everything is clear from the title.