Privileged Account Management Shadow Session -NOV 10

 

This scenario for this seminar involved the Coach walking us through a Privileged Account Recertification as an Infosec Analyst at Jefferson Health. The discussions were held around privilege levels, access control, and HIPAA compliance and most importantly, I finally gathered up the courage to interact with the hosts and asked quite a few questions. It was a lot of fun. 

The Coach talked about the rules and guidelines for recertifying and renewing privileged accounts. I learnt the step-by-step timeline of conducting this process, what are questions usually asked employees, what departments we usually deal with during such processes, what the steps involved in an auditing process etc. They shared the Google Doc that had the notes as well, and I think that's really cool for a reference document for the future. 

Even more fun? The moment I had geared myself enough to be able to interact over audio with the host, my computer's microphone stopped working :) I think it was a permission issue. Anyway, 

these were the two questions I asked. They were answered really well and I wish I had more time so I could have gone off this tangent even more. 

All in all, good fun. Proud of myself for breaking out, even a little.